539b0b5d54757e8a2b754ecdc2939eb7cf9db0ed1728e0eca407500222668505 (SHA256)
fcr.exe
Windows Exe (x86-32)
Created at 2018-09-23 19:12:00
Notifications (2/3)
Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.
The overall sleep time of all monitored processes was truncated from "1 minute" to "20 seconds" to reveal dormant functionality.
The operating system was rebooted during the analysis.
Monitored Processes
Behavior Information - Sequential View
Process #1: fcr.exe
11605
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fcr.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:40, Reason: Analysis Target |
| Unmonitor | End Time: 00:05:21, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:41 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa4c |
| Parent PID | 0x568 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A50
0x
A58
0x
A5C
0x
A78
0x
A7C
0x
A98
0x
A9C
0x
AA0
0x
AA4
0x
AA8
0x
AB4
0x
AB8
0x
ABC
0x
AC0
0x
AC4
0x
AC8
0x
ACC
0x
AD0
0x
AD4
0x
AD8
0x
ADC
0x
AE0
0x
AE4
0x
AE8
0x
AEC
0x
AF0
0x
AF4
0x
AF8
0x
AFC
0x
B00
0x
B04
0x
B08
0x
B0C
0x
B10
0x
B14
0x
B18
0x
B1C
0x
B20
0x
B24
0x
B28
0x
B2C
0x
B30
0x
B34
0x
B38
0x
B3C
0x
B40
0x
B44
0x
B48
0x
B4C
0x
B50
0x
B54
0x
B58
0x
B5C
0x
B60
0x
B64
0x
B68
0x
B6C
0x
B70
0x
B74
0x
B78
0x
B7C
0x
B80
0x
B84
0x
B88
0x
B8C
0x
B90
0x
B94
0x
B98
0x
B9C
0x
BA0
0x
BA4
0x
BA8
0x
BAC
0x
BB0
0x
BB4
0x
BB8
0x
BBC
0x
BC0
0x
BC4
0x
BC8
0x
BCC
0x
BD0
0x
BD4
0x
BD8
0x
BDC
0x
BE0
0x
BE4
0x
BE8
0x
BEC
0x
BF0
0x
BF4
0x
BF8
0x
BFC
0x
15C
0x
808
0x
818
0x
828
0x
490
0x
4AC
0x
358
0x
844
0x
84C
0x
848
0x
840
0x
83C
0x
69C
0x
850
0x
6A0
0x
624
0x
7C0
0x
4A0
0x
74C
0x
640
0x
504
0x
614
0x
34C
0x
854
0x
348
0x
5D0
0x
488
0x
5A0
0x
4FC
0x
320
0x
57C
0x
7C4
0x
660
0x
6DC
0x
890
0x
868
0x
864
0x
860
0x
85C
0x
8A8
0x
88C
0x
8D4
0x
888
0x
87C
0x
880
0x
884
0x
878
0x
874
0x
8B0
0x
8E4
0x
8AC
0x
8A4
0x
8A0
0x
89C
0x
898
0x
894
0x
870
0x
86C
0x
720
0x
740
0x
8F0
0x
900
0x
91C
0x
938
0x
8C8
0x
96C
0x
578
0x
834
0x
838
0x
1E4
0x
600
0x
4C0
0x
7A8
0x
6A8
0x
7C8
0x
90
0x
560
0x
5E0
0x
440
0x
5F8
0x
674
0x
73C
0x
32C
0x
454
0x
480
0x
118
0x
3F8
0x
458
0x
41C
0x
804
0x
814
0x
82C
0x
830
0x
858
0x
310
0x
314
0x
324
0x
5A4
0x
8CC
0x
8B4
0x
8BC
0x
8B8
0x
8C0
0x
980
0x
984
0x
978
0x
9E0
0x
9E4
0x
9F8
0x
9F4
0x
9F0
0x
9E8
0x
9DC
0x
9FC
0x
94C
0x
9D4
0x
A24
0x
9C0
0x
998
0x
99C
0x
A28
0x
9D0
0x
9A0
0x
9D8
0x
9A4
0x
9C8
0x
994
0x
990
0x
A48
0x
968
0x
974
0x
A54
0x
A60
0x
98C
0x
A64
0x
388
0x
3B0
0x
3C8
0x
3BC
0x
238
0x
7A0
0x
9EC
0x
A68
0x
7D8
0x
A6C
0x
5DC
0x
A70
0x
90C
0x
910
0x
914
0x
920
0x
820
0x
4E0
0x
4E8
0x
510
0x
438
0x
530
0x
7D0
0x
580
0x
7B8
0x
7BC
0x
110
0x
7DC
0x
62C
0x
478
0x
810
0x
728
0x
1C4
0x
7EC
0x
644
0x
6AC
0x
71C
0x
174
0x
360
0x
604
0x
738
0x
418
0x
328
0x
30C
0x
7AC
0x
6A4
0x
128
0x
5B8
0x
5CC
0x
5D4
0x
468
0x
67C
0x
680
0x
794
0x
344
0x
700
0x
A74
0x
7E8
0x
7E4
0x
584
0x
758
0x
C4
0x
54C
0x
C0
0x
754
0x
784
0x
6D4
0x
6BC
0x
7F4
0x
918
0x
97C
0x
A8C
0x
AB0
0x
A94
0x
A84
0x
A90
0x
A80
0x
A88
0x
AA0
0x
A9C
0x
AA8
0x
AB8
0x
AC0
0x
ABC
0x
AC4
0x
AE0
0x
ADC
0x
AE8
0x
AE4
0x
AD8
0x
AA4
0x
AB4
0x
B38
0x
B08
0x
AC8
0x
ACC
0x
B10
0x
AF4
0x
B14
0x
B18
0x
AFC
0x
B1C
0x
B00
0x
B20
0x
AF0
0x
B24
0x
B04
0x
B28
0x
B2C
0x
B0C
0x
B30
0x
B34
0x
AEC
0x
AF8
0x
B40
0x
B44
0x
B4C
0x
B54
0x
B5C
0x
B60
0x
B64
0x
B70
0x
B88
0x
B90
0x
B94
0x
BB0
0x
BA4
0x
BFC
0x
15C
0x
808
0x
828
0x
848
0x
83C
0x
69C
0x
878
0x
BA8
0x
898
0x
870
0x
86C
0x
938
0x
96C
0x
578
0x
834
0x
838
0x
BB4
0x
B80
0x
B7C
0x
5D0
0x
AD0
0x
1E4
0x
4C0
0x
7C8
0x
90
0x
560
0x
B48
0x
458
0x
814
0x
310
0x
314
0x
324
0x
5A4
0x
9C8
0x
A48
0x
968
0x
3B0
0x
3C8
0x
8C8
0x
B98
0x
B8C
0x
488
0x
B58
0x
850
0x
6A0
0x
624
0x
7C0
0x
4A0
0x
614
0x
854
0x
348
0x
914
0x
810
0x
644
0x
604
0x
990
0x
5D4
0x
720
0x
A20
0x
A44
0x
62C
0x
894
0x
994
0x
3BC
0x
9EC
0x
B3C
0x
7E8
0x
7E4
0x
504
0x
238
0x
7A0
0x
758
0x
C4
0x
754
0x
784
0x
6D4
0x
6BC
0x
358
0x
918
0x
97C
0x
7A8
0x
4E0
0x
4E8
0x
8A0
0x
A9C
0x
844
0x
ADC
0x
AE4
0x
5CC
0x
5B8
0x
AD8
0x
468
0x
B10
0x
5DC
0x
454
0x
3F8
0x
54C
0x
828
0x
A68
0x
820
0x
A1C
0x
7F4
0x
A40
0x
A34
0x
A38
0x
A3C
0x
A30
0x
B9C
0x
A84
0x
7D8
0x
32C
0x
AD4
0x
580
0x
AF4
0x
A94
0x
794
0x
67C
0x
90C
0x
320
0x
480
0x
440
0x
73C
0x
BFC
0x
B24
0x
B78
0x
A90
0x
854
0x
808
0x
15C
0x
758
0x
6BC
0x
ACC
0x
7C0
0x
A9C
0x
AB8
0x
91C
0x
728
0x
5A0
0x
A54
0x
8D4
0x
4FC
0x
57C
0x
85C
0x
874
0x
B6C
0x
864
0x
860
0x
888
0x
884
0x
8B0
0x
C04
0x
C08
0x
C0C
0x
C10
0x
C14
0x
C18
0x
C1C
0x
C20
0x
C24
0x
C28
0x
C2C
0x
C30
0x
C34
0x
C38
0x
C3C
0x
C40
0x
C44
0x
C48
0x
C4C
0x
C50
0x
C54
0x
C58
0x
C5C
0x
C60
0x
C64
0x
C68
0x
C6C
0x
C70
0x
C74
0x
C78
0x
C7C
0x
C80
0x
C84
0x
C88
0x
C8C
0x
C90
0x
C94
0x
C98
0x
C9C
0x
CA0
0x
CA4
0x
CA8
0x
CAC
0x
CB0
0x
CB4
0x
CB8
0x
CBC
0x
CC0
0x
CC4
0x
CC8
0x
CCC
0x
CD0
0x
CD4
0x
CD8
0x
CDC
0x
CE0
0x
CE4
0x
CE8
0x
CEC
0x
CF0
0x
CF4
0x
CF8
0x
CFC
0x
D00
0x
D04
0x
D08
0x
D0C
0x
D10
0x
D14
0x
D18
0x
D1C
0x
D20
0x
D24
0x
D28
0x
D2C
0x
D30
0x
D34
0x
D38
0x
D3C
0x
D40
0x
D44
0x
D48
0x
D4C
0x
D50
0x
D54
0x
D58
0x
D5C
0x
D60
0x
D64
0x
D68
0x
D6C
0x
D70
0x
D74
0x
D78
0x
D7C
0x
D80
0x
D84
0x
D88
0x
D8C
0x
D90
0x
D94
0x
D98
0x
D9C
0x
DA0
0x
DA4
0x
DA8
0x
DAC
0x
DB0
0x
DB4
0x
DB8
0x
DBC
0x
DC0
0x
DC4
0x
DC8
0x
DCC
0x
DD0
0x
DD4
0x
DD8
0x
DDC
0x
DE0
0x
DE4
0x
DE8
0x
DEC
0x
DF0
0x
DF4
0x
DF8
0x
DFC
0x
E00
0x
E04
0x
E08
0x
E0C
0x
E10
0x
E14
0x
E18
0x
E1C
0x
E20
0x
E24
0x
E28
0x
E2C
0x
E30
0x
E34
0x
E38
0x
E3C
0x
E40
0x
E44
0x
E48
0x
E4C
0x
E50
0x
E54
0x
E58
0x
E5C
0x
E60
0x
E64
0x
E68
0x
E6C
0x
E70
0x
E74
0x
E78
0x
E7C
0x
E80
0x
E84
0x
E88
0x
E8C
0x
E90
0x
E94
0x
E98
0x
E9C
0x
EA0
0x
EA4
0x
EA8
0x
EAC
0x
EB0
0x
EB4
0x
EB8
0x
EBC
0x
EC0
0x
EC4
0x
EC8
0x
ECC
0x
ED0
0x
ED4
0x
ED8
0x
EDC
0x
EE0
0x
EE4
0x
EE8
0x
EEC
0x
EF0
0x
EF4
0x
EF8
0x
EFC
0x
F00
0x
F04
0x
F08
0x
F0C
0x
F10
0x
F14
0x
F18
0x
F1C
0x
F20
0x
F24
0x
F28
0x
F2C
0x
F30
0x
F34
0x
F38
0x
F3C
0x
F40
0x
F44
0x
F48
0x
F4C
0x
F50
0x
F54
0x
F58
0x
F5C
0x
F60
0x
F64
0x
F68
0x
F6C
0x
F70
0x
F74
0x
F78
0x
F7C
0x
F80
0x
F84
0x
F88
0x
F8C
0x
F90
0x
F94
0x
F98
0x
F9C
0x
FA0
0x
FA4
0x
FA8
0x
FAC
0x
FB0
0x
FB4
0x
FB8
0x
FBC
0x
FC0
0x
FC8
0x
FCC
0x
FD0
0x
FD4
0x
FD8
0x
FDC
0x
FE0
0x
FE4
0x
FE8
0x
FEC
0x
FF0
0x
FF4
0x
FF8
0x
FFC
0x
880
0x
9A4
0x
660
0x
7C4
0x
600
0x
ABC
0x
AC0
0x
AA8
0x
99C
0x
74C
0x
9D0
0x
128
0x
998
0x
9C0
0x
30C
0x
8A4
0x
700
0x
174
0x
71C
0x
7EC
0x
478
0x
F28
0x
B80
0x
F30
0x
F34
0x
90C
0x
A90
0x
F48
0x
F50
0x
854
0x
F5C
0x
890
0x
530
0x
388
0x
1C4
0x
B8C
0x
6A0
0x
344
0x
8CC
0x
8B0
0x
7B8
0x
7D0
0x
888
0x
BA4
0x
B9C
0x
A1C
0x
A30
0x
614
0x
680
0x
BA0
0x
A80
0x
7BC
0x
AE4
0x
B14
0x
83C
0x
B08
0x
B04
0x
AC4
0x
900
0x
9D8
0x
5CC
0x
B98
0x
874
0x
4FC
0x
C28
0x
8F0
0x
510
0x
320
0x
7A0
0x
580
0x
B5C
0x
C4C
0x
C50
0x
C54
0x
C68
0x
C78
0x
33C
0x
B70
0x
C88
0x
C90
0x
C98
0x
AD8
0x
B88
0x
B60
0x
B54
0x
B4C
0x
B0C
0x
B28
0x
34C
0x
894
0x
994
0x
9EC
0x
7E4
0x
B2C
0x
B34
0x
AF8
0x
B40
0x
B44
0x
3BC
0x
7E8
0x
B84
0x
810
0x
644
0x
604
0x
5D4
0x
A20
0x
A44
0x
62C
0x
C9C
0x
864
0x
A40
0x
860
0x
CA4
0x
C8C
0x
440
0x
754
0x
458
0x
814
0x
6A8
0x
C04
0x
91C
0x
AA0
0x
ACC
0x
C08
0x
878
0x
898
0x
834
0x
BB4
0x
C20
0x
C5C
0x
C58
0x
C1C
0x
57C
0x
CD0
0x
1E4
0x
CBC
0x
324
0x
AE8
0x
D08
0x
D1C
0x
D2C
0x
D38
0x
D3C
0x
D34
0x
D4C
0x
D44
0x
32C
0x
C44
0x
D24
0x
A60
0x
C84
0x
DC8
0x
E38
0x
CAC
0x
E44
0x
5D0
0x
E40
0x
DC4
0x
118
0x
728
0x
A34
0x
8D4
0x
A54
0x
BFC
0x
B78
0x
A9C
0x
B6C
0x
6BC
0x
C94
0x
454
0x
AB8
0x
73C
0x
B24
0x
A2C
0x
D04
0x
A3C
0x
54C
0x
820
0x
C38
0x
B80
0x
F30
0x
F34
0x
90C
0x
A90
0x
42C
0x
85C
0x
7F4
0x
A0C
0x
A10
0x
A14
0x
A18
0x
C0
0x
A64
0x
328
0x
A08
0x
A84
0x
F48
0x
CA0
0x
868
0x
AB4
0x
CB0
0x
5E0
0x
47C
0x
460
0x
F28
0x
F50
0x
854
0x
F5C
0x
840
0x
E5C
0x
8C8
0x
DC0
0x
F44
0x
D10
0x
DCC
0x
DE8
0x
DEC
0x
E10
0x
E14
0x
E18
0x
E1C
0x
E20
0x
E28
0x
DBC
0x
C0C
0x
F54
0x
588
0x
E2C
0x
314
0x
FD4
0x
FCC
0x
FD0
0x
F2C
0x
670
0x
758
0x
FD8
0x
F74
0x
F78
0x
FEC
0x
F3C
0x
F84
0x
F80
0x
FF4
0x
FDC
0x
FE0
0x
FE4
0x
FF8
0x
F8C
0x
F88
0x
FE8
0x
F94
0x
F98
0x
7C4
0x
FA8
0x
FC0
0x
98C
0x
D28
0x
67C
0x
D20
0x
CC4
0x
DB8
0x
DD8
0x
DE0
0x
DDC
0x
DE4
0x
DF8
0x
DFC
0x
E04
0x
E08
0x
B18
0x
D0C
0x
C2C
0x
A74
0x
8A0
0x
B38
0x
15C
0x
B1C
0x
C34
0x
B7C
0x
9BC
0x
9B8
0x
9B4
0x
CE0
0x
9B0
0x
9AC
0x
9A8
0x
B20
0x
988
0x
CB4
0x
ADC
0x
CD8
0x
F90
0x
F08
0x
CF4
0x
E30
0x
C30
0x
858
0x
8AC
0x
AC8
0x
F20
0x
CA8
0x
304
0x
1C4
0x
8B0
0x
7B8
0x
7D0
0x
888
0x
BA4
0x
B9C
0x
E50
0x
4FC
0x
7A0
0x
C4C
0x
C54
0x
33C
0x
C98
0x
CFC
0x
B44
0x
810
0x
604
0x
D00
0x
C78
0x
CF8
0x
B54
0x
7E8
0x
864
0x
BB4
0x
C20
0x
B14
0x
AFC
0x
AF0
0x
E48
0x
B70
0x
E34
0x
B34
0x
438
0x
CD0
0x
324
0x
E3C
0x
F64
0x
9D8
0x
C90
0x
974
0x
C3C
0x
B00
0x
560
0x
914
0x
C28
0x
4C0
0x
DD0
0x
E00
0x
C68
0x
7F4
0x
328
0x
A08
0x
F28
0x
A0C
0x
34C
0x
DF4
0x
E24
0x
740
0x
C08
0x
FD8
0x
FA0
0x
FA4
0x
FB0
0x
E0C
0x
938
0x
F38
0x
6BC
0x
D04
0x
F40
0x
8B8
0x
850
0x
CD4
0x
54C
0x
738
0x
EA0
0x
F88
0x
F60
0x
A10
0x
6DC
0x
F50
0x
F24
0x
880
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x00023fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00031fff | Pagefile Backed Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x001a0000 | 0x00206fff | Memory Mapped File | r |
|
|
|
- |
| rsaenh.dll | 0x00210000 | 0x0024bfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0024ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x0028ffff | Private Memory | rw |
|
|
|
- |
| imm32.dll | 0x00290000 | 0x002adfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x00290fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000002c0000 | 0x002c0000 | 0x002c1fff | Pagefile Backed Memory | r |
|
|
|
- |
| windowsshell.manifest | 0x002d0000 | 0x002d0fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x002dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000002d0000 | 0x002d0000 | 0x002d3fff | Pagefile Backed Memory | rw |
|
|
|
- |
| bootstat.dat id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002dffff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| benioku.htm id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d4fff | Memory Mapped File | rw |
|
|
|
|
| aclviho asldjfl.contact id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| eqnedt32.cnt id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| ij-zpqpb5yo5-lgm1kvt.m4a id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d3fff | Memory Mapped File | rw |
|
|
|
|
| onenotemui.xml id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| msmapi32.dll id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002defff | Memory Mapped File | rw |
|
|
|
|
| djwv5qvlo-f36hg32j.pptx id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| microsoft.visualstudio.tools.applications.contract.v10.0.dll id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d5fff | Memory Mapped File | rw |
|
|
|
|
| office10.dll id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d3fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| accessibility.properties id-bry0hiifvldg0s8v.bdkr | 0x002d0000 | 0x002d0fff | Memory Mapped File | rw |
|
|
|
|
| pagefile_0x00000000002e0000 | 0x002e0000 | 0x002e1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| cversions.1.db | 0x00300000 | 0x00303fff | Memory Mapped File | r |
|
|
|
- |
| cversions.2.db | 0x00300000 | 0x00303fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000310000 | 0x00310000 | 0x0038ffff | Private Memory | rw |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db | 0x00390000 | 0x003aefff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000003b0000 | 0x003b0000 | 0x003bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000003b0000 | 0x003b0000 | 0x003b3fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000003c0000 | 0x003c0000 | 0x003c3fff | Pagefile Backed Memory | rw |
|
|
|
- |
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db | 0x003c0000 | 0x003effff | Memory Mapped File | r |
|
|
|
- |
| cversions.2.db | 0x003f0000 | 0x003f3fff | Memory Mapped File | r |
|
|
|
- |
| fcr.exe | 0x00400000 | 0x00405fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000410000 | 0x00410000 | 0x0050ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000510000 | 0x00510000 | 0x00510fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000510000 | 0x00510000 | 0x00513fff | Pagefile Backed Memory | rw |
|
|
|
- |
| bootsect.bak id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00511fff | Memory Mapped File | rw |
|
|
|
|
| et-7ebrfgtkuwqvif3bz.m4a id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x0051efff | Memory Mapped File | rw |
|
|
|
|
| gcqtiaw8mwqp.mp3 id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x0051efff | Memory Mapped File | rw |
|
|
|
|
| hhuwu2fyuyikneve0.m4a id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00510fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00510fff | Memory Mapped File | rw |
|
|
|
|
| suggested sites.url id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00510fff | Memory Mapped File | rw |
|
|
|
|
| web slice gallery.url id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00510fff | Memory Mapped File | rw |
|
|
|
|
| {1d1dbf3a-752f-47e2-be70-d848d4a9afb0} id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00511fff | Memory Mapped File | rw |
|
|
|
|
| active.grl id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00513fff | Memory Mapped File | rw |
|
|
|
|
| winfxlist.xml id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00510fff | Memory Mapped File | rw |
|
|
|
|
| unknown.log id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00511fff | Memory Mapped File | rw |
|
|
|
|
| currency.gif id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00511fff | Memory Mapped File | rw |
|
|
|
|
| office32ww.xml id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00511fff | Memory Mapped File | rw |
|
|
|
|
| informix.xsl id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00517fff | Memory Mapped File | rw |
|
|
|
|
| documentrepository.ico id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00516fff | Memory Mapped File | rw |
|
|
|
|
| as90.xsl id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00514fff | Memory Mapped File | rw |
|
|
|
|
| informix.xsl id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00517fff | Memory Mapped File | rw |
|
|
|
|
| msjet.xsl id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00517fff | Memory Mapped File | rw |
|
|
|
|
| jungle.htm id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00510fff | Memory Mapped File | rw |
|
|
|
|
| recentplaces.lnk id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00510fff | Memory Mapped File | rw |
|
|
|
|
| j0143746.gif id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00510fff | Memory Mapped File | rw |
|
|
|
|
| j0143748.gif id-bry0hiifvldg0s8v.bdkr | 0x00510000 | 0x00511fff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000000520000 | 0x00520000 | 0x0055ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000560000 | 0x00560000 | 0x0056ffff | Private Memory | rw |
|
|
|
- |
| settings.ini id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00570fff | Memory Mapped File | rw |
|
|
|
|
| 7ptl.mkv id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x0057ffff | Memory Mapped File | rw |
|
|
|
|
| desktop.lnk id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00570fff | Memory Mapped File | rw |
|
|
|
|
| jaureglist.xml id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00570fff | Memory Mapped File | rw |
|
|
|
|
| berime.htm id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00574fff | Memory Mapped File | rw |
|
|
|
|
| ppcrlconfig.dll id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00573fff | Memory Mapped File | rw |
|
|
|
|
| 4t-7-ghsbfjz.wav id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x0057bfff | Memory Mapped File | rw |
|
|
|
|
| 6 6jppddb.m4a id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00577fff | Memory Mapped File | rw |
|
|
|
|
| 90gccg7fd.mp3 id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00577fff | Memory Mapped File | rw |
|
|
|
|
| 9q08f8qi8-eus1atwkx.mp3 id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00571fff | Memory Mapped File | rw |
|
|
|
|
| ja5moi9zmby.m4a id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x0057cfff | Memory Mapped File | rw |
|
|
|
|
| bcslaunch.dll id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x0057dfff | Memory Mapped File | rw |
|
|
|
|
| irakhau.htm id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00574fff | Memory Mapped File | rw |
|
|
|
|
| google chrome.lnk id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00570fff | Memory Mapped File | rw |
|
|
|
|
| leame.htm id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00574fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00570fff | Memory Mapped File | rw |
|
|
|
|
| eqnedt32.exe.manifest id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00570fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00570fff | Memory Mapped File | rw |
|
|
|
|
| projectmui.xml id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x00570fff | Memory Mapped File | rw |
|
|
|
|
| aceodbci.dll id-bry0hiifvldg0s8v.bdkr | 0x00570000 | 0x0057cfff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x00680000 | 0x0094efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000950000 | 0x00950000 | 0x00a4ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000a50000 | 0x00a50000 | 0x00e42fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000e50000 | 0x00e50000 | 0x00fd7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000fe0000 | 0x00fe0000 | 0x01160fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001170000 | 0x01170000 | 0x0256ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002570000 | 0x02570000 | 0x0262ffff | Private Memory | rw |
|
|
|
- |
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db | 0x02570000 | 0x025d5fff | Memory Mapped File | r |
|
|
|
- |
| 0cdys09w.xlsx id-bry0hiifvldg0s8v.bdkr | 0x025e0000 | 0x025eafff | Memory Mapped File | rw |
|
|
|
|
| maintenanceservice-install.log id-bry0hiifvldg0s8v.bdkr | 0x025e0000 | 0x025e0fff | Memory Mapped File | rw |
|
|
|
|
| microsoft.office.infopath.targets id-bry0hiifvldg0s8v.bdkr | 0x025e0000 | 0x025e0fff | Memory Mapped File | rw |
|
|
|
|
| pending.grl id-bry0hiifvldg0s8v.bdkr | 0x025e0000 | 0x025e3fff | Memory Mapped File | rw |
|
|
|
|
| copyright id-bry0hiifvldg0s8v.bdkr | 0x025e0000 | 0x025e0fff | Memory Mapped File | rw |
|
|
|
|
| workflow.visualbasic.targets id-bry0hiifvldg0s8v.bdkr | 0x025e0000 | 0x025e1fff | Memory Mapped File | rw |
|
|
|
|
| as90.xsl id-bry0hiifvldg0s8v.bdkr | 0x025e0000 | 0x025e4fff | Memory Mapped File | rw |
|
|
|
|
| msjet.xsl id-bry0hiifvldg0s8v.bdkr | 0x025e0000 | 0x025e7fff | Memory Mapped File | rw |
|
|
|
|
| ms.excel.dev.14.1033.hxn id-bry0hiifvldg0s8v.bdkr | 0x025e0000 | 0x025e0fff | Memory Mapped File | rw |
|
|
|
|
| private_0x00000000025f0000 | 0x025f0000 | 0x0262ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002630000 | 0x02630000 | 0x0270efff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002710000 | 0x02710000 | 0x02810fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002710000 | 0x02710000 | 0x0280ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002810000 | 0x02810000 | 0x0284ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002850000 | 0x02850000 | 0x0294ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002950000 | 0x02950000 | 0x0298ffff | Private Memory | rw |
|
|
|
- |
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x02950000 | 0x02950fff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000002990000 | 0x02990000 | 0x02a8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002a90000 | 0x02a90000 | 0x02b8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b90000 | 0x02b90000 | 0x02bcffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002bd0000 | 0x02bd0000 | 0x02ccffff | Private Memory | rw |
|
|
|
- |
| c_932.nls | 0x02cd0000 | 0x02cf7fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002d00000 | 0x02d00000 | 0x02d3ffff | Private Memory | rw |
|
|
|
- |
| traditions.exe id-bry0hiifvldg0s8v.bdkr | 0x02d00000 | 0x02d12fff | Memory Mapped File | rw |
|
|
|
|
| mpasdlta.vdm id-bry0hiifvldg0s8v.bdkr | 0x02d00000 | 0x02d52fff | Memory Mapped File | rw |
|
|
|
|
| sql2000.xsl id-bry0hiifvldg0s8v.bdkr | 0x02d00000 | 0x02d08fff | Memory Mapped File | rw |
|
|
|
|
| jungle.gif id-bry0hiifvldg0s8v.bdkr | 0x02d10000 | 0x02d10fff | Memory Mapped File | rw |
|
|
|
|
| appconfiginternal.zip id-bry0hiifvldg0s8v.bdkr | 0x02d10000 | 0x02d10fff | Memory Mapped File | rw |
|
|
|
|
| vstoee90.tlb id-bry0hiifvldg0s8v.bdkr | 0x02d20000 | 0x02d25fff | Memory Mapped File | rw |
|
|
|
|
| papyrus.elm id-bry0hiifvldg0s8v.bdkr | 0x02d30000 | 0x02d46fff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000002d40000 | 0x02d40000 | 0x02e3ffff | Private Memory | rw |
|
|
|
- |
| 23b523c9e7746f715d33c6527c18eb9d id-bry0hiifvldg0s8v.bdkr | 0x02d40000 | 0x02d40fff | Memory Mapped File | rw |
|
|
|
|
| 3130b1871a126520a8c47861efe3ed4d id-bry0hiifvldg0s8v.bdkr | 0x02d40000 | 0x02d40fff | Memory Mapped File | rw |
|
|
|
|
| 3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d id-bry0hiifvldg0s8v.bdkr | 0x02d40000 | 0x02d40fff | Memory Mapped File | rw |
|
|
|
|
| stintl.dll id-bry0hiifvldg0s8v.bdkr | 0x02d40000 | 0x02d44fff | Memory Mapped File | rw |
|
|
|
|
| 1daf2884ec4dfa96ba4a58d4dbc9c406 id-bry0hiifvldg0s8v.bdkr | 0x02d50000 | 0x02d50fff | Memory Mapped File | rw |
|
|
|
|
| judgesch.htm id-bry0hiifvldg0s8v.bdkr | 0x02d50000 | 0x02d50fff | Memory Mapped File | rw |
|
|
|
|
| chucu jadnvk.contact id-bry0hiifvldg0s8v.bdkr | 0x02d50000 | 0x02d50fff | Memory Mapped File | rw |
|
|
|
|
| lulcit amkdfe.contact id-bry0hiifvldg0s8v.bdkr | 0x02d50000 | 0x02d50fff | Memory Mapped File | rw |
|
|
|
|
| quad.elm id-bry0hiifvldg0s8v.bdkr | 0x02d50000 | 0x02d5bfff | Memory Mapped File | rw |
|
|
|
|
| angles.thmx id-bry0hiifvldg0s8v.bdkr | 0x02d60000 | 0x02d71fff | Memory Mapped File | rw |
|
|
|
|
| thirdpartylicensereadme-javafx.txt id-bry0hiifvldg0s8v.bdkr | 0x02d60000 | 0x02d7efff | Memory Mapped File | rw |
|
|
|
|
| fperson.dll id-bry0hiifvldg0s8v.bdkr | 0x02d80000 | 0x02db5fff | Memory Mapped File | rw |
|
|
|
|
| j0143743.gif id-bry0hiifvldg0s8v.bdkr | 0x02dc0000 | 0x02dc0fff | Memory Mapped File | rw |
|
|
|
|
| state.rsm id-bry0hiifvldg0s8v.bdkr | 0x02dc0000 | 0x02dc0fff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000002e40000 | 0x02e40000 | 0x02e7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002e80000 | 0x02e80000 | 0x02f7ffff | Private Memory | rw |
|
|
|
- |
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x02f40000 | 0x02f40fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x02f40000 | 0x02f40fff | Memory Mapped File | rw |
|
|
|
|
| desktop.lnk id-bry0hiifvldg0s8v.bdkr | 0x02f40000 | 0x02f40fff | Memory Mapped File | rw |
|
|
|
|
| downloads.lnk id-bry0hiifvldg0s8v.bdkr | 0x02f40000 | 0x02f40fff | Memory Mapped File | rw |
|
|
|
|
| j0143745.gif id-bry0hiifvldg0s8v.bdkr | 0x02f40000 | 0x02f40fff | Memory Mapped File | rw |
|
|
|
|
| microsoft.visualstudio.tools.office.contract.v10.0.dll id-bry0hiifvldg0s8v.bdkr | 0x02f40000 | 0x02f45fff | Memory Mapped File | rw |
|
|
|
|
| microsoft.visualstudio.tools.office.contract.v9.0.dll id-bry0hiifvldg0s8v.bdkr | 0x02f40000 | 0x02f4bfff | Memory Mapped File | rw |
|
|
|
|
| profiles.ini id-bry0hiifvldg0s8v.bdkr | 0x02f50000 | 0x02f50fff | Memory Mapped File | rw |
|
|
|
|
| mtextra.ttf id-bry0hiifvldg0s8v.bdkr | 0x02f50000 | 0x02f51fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x02f60000 | 0x02f60fff | Memory Mapped File | rw |
|
|
|
|
| assemblyinfointernal.zip id-bry0hiifvldg0s8v.bdkr | 0x02f60000 | 0x02f60fff | Memory Mapped File | rw |
|
|
|
|
| microsoft.visualstudio.tools.applications.designtime.tlb id-bry0hiifvldg0s8v.bdkr | 0x02f70000 | 0x02f72fff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000002f80000 | 0x02f80000 | 0x02fbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002fc0000 | 0x02fc0000 | 0x030bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000030c0000 | 0x030c0000 | 0x030fffff | Private Memory | rw |
|
|
|
- |
| browser accredited mil.exe id-bry0hiifvldg0s8v.bdkr | 0x030c0000 | 0x030d2fff | Memory Mapped File | rw |
|
|
|
|
| moore-encouraging-percent.exe id-bry0hiifvldg0s8v.bdkr | 0x030c0000 | 0x030d2fff | Memory Mapped File | rw |
|
|
|
|
| gdipfontcachev1.dat id-bry0hiifvldg0s8v.bdkr | 0x030c0000 | 0x030dafff | Memory Mapped File | rw |
|
|
|
|
| downloads.lnk id-bry0hiifvldg0s8v.bdkr | 0x030c0000 | 0x030c0fff | Memory Mapped File | rw |
|
|
|
|
| ls0pdhw.mp3 id-bry0hiifvldg0s8v.bdkr | 0x030c0000 | 0x030d2fff | Memory Mapped File | rw |
|
|
|
|
| extensibility.dll id-bry0hiifvldg0s8v.bdkr | 0x030d0000 | 0x030d1fff | Memory Mapped File | rw |
|
|
|
|
| drbc7fywgrtf41u.odt id-bry0hiifvldg0s8v.bdkr | 0x030e0000 | 0x030f7fff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000003100000 | 0x03100000 | 0x031fffff | Private Memory | rw |
|
|
|
- |
| 0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875 id-bry0hiifvldg0s8v.bdkr | 0x03100000 | 0x03100fff | Memory Mapped File | rw |
|
|
|
|
| judgesch.gif id-bry0hiifvldg0s8v.bdkr | 0x03100000 | 0x03100fff | Memory Mapped File | rw |
|
|
|
|
| release id-bry0hiifvldg0s8v.bdkr | 0x03100000 | 0x03100fff | Memory Mapped File | rw |
|
|
|
|
| msnbc news.url id-bry0hiifvldg0s8v.bdkr | 0x03100000 | 0x03100fff | Memory Mapped File | rw |
|
|
|
|
| hx.hxn id-bry0hiifvldg0s8v.bdkr | 0x03100000 | 0x03100fff | Memory Mapped File | rw |
|
|
|
|
| leesmij.htm id-bry0hiifvldg0s8v.bdkr | 0x03100000 | 0x03104fff | Memory Mapped File | rw |
|
|
|
|
| state.rsm id-bry0hiifvldg0s8v.bdkr | 0x03100000 | 0x03100fff | Memory Mapped File | rw |
|
|
|
|
| autoshap.dll id-bry0hiifvldg0s8v.bdkr | 0x03100000 | 0x03103fff | Memory Mapped File | rw |
|
|
|
|
| stintl.dll.idx_dll id-bry0hiifvldg0s8v.bdkr | 0x03100000 | 0x03103fff | Memory Mapped File | rw |
|
|
|
|
| deployment.properties id-bry0hiifvldg0s8v.bdkr | 0x03110000 | 0x03110fff | Memory Mapped File | rw |
|
|
|
|
| ms.excel.14.1033.hxn id-bry0hiifvldg0s8v.bdkr | 0x03110000 | 0x03110fff | Memory Mapped File | rw |
|
|
|
|
| cagcat10.dll id-bry0hiifvldg0s8v.bdkr | 0x03110000 | 0x03113fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x03110000 | 0x03110fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x03110000 | 0x03110fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x03110000 | 0x03110fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x03110000 | 0x03110fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x03110000 | 0x03110fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x03110000 | 0x03110fff | Memory Mapped File | rw |
|
|
|
|
| 40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1 id-bry0hiifvldg0s8v.bdkr | 0x03110000 | 0x03110fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x031a0000 | 0x031a0fff | Memory Mapped File | rw |
|
|
|
|
| microsoft.synchronization.data.dll id-bry0hiifvldg0s8v.bdkr | 0x031e0000 | 0x031fcfff | Memory Mapped File | rw |
|
|
|
|
| microsoft.synchronization.data.server.dll id-bry0hiifvldg0s8v.bdkr | 0x031e0000 | 0x031fcfff | Memory Mapped File | rw |
|
|
|
|
| microsoft.synchronization.data.sqlserverce.dll id-bry0hiifvldg0s8v.bdkr | 0x031e0000 | 0x031f7fff | Memory Mapped File | rw |
|
|
|
|
| administrator.contact id-bry0hiifvldg0s8v.bdkr | 0x031e0000 | 0x031f0fff | Memory Mapped File | rw |
|
|
|
|
| microsoft.visualstudio.tools.applications.addinmanager.dll id-bry0hiifvldg0s8v.bdkr | 0x031e0000 | 0x031f9fff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000003200000 | 0x03200000 | 0x032fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003300000 | 0x03300000 | 0x0333ffff | Private Memory | rw |
|
|
|
- |
| constitute_appropriate_sorry.exe id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x03312fff | Memory Mapped File | rw |
|
|
|
|
| regulationspublishers.exe id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x03312fff | Memory Mapped File | rw |
|
|
|
|
| bbn5cvtvgkwx.wav id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x03312fff | Memory Mapped File | rw |
|
|
|
|
| vampire criterion.exe id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x03312fff | Memory Mapped File | rw |
|
|
|
|
| hourunexpected.exe id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x03312fff | Memory Mapped File | rw |
|
|
|
|
| sword.exe id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x03312fff | Memory Mapped File | rw |
|
|
|
|
| sims.exe id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x03312fff | Memory Mapped File | rw |
|
|
|
|
| 69q9p8o1o.docx id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x03315fff | Memory Mapped File | rw |
|
|
|
|
| winfxlist.xml id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x03300fff | Memory Mapped File | rw |
|
|
|
|
| settings.ini id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x03300fff | Memory Mapped File | rw |
|
|
|
|
| vbe6ext.olb id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x03309fff | Memory Mapped File | rw |
|
|
|
|
| pipelinesegments.store id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x0331ffff | Memory Mapped File | rw |
|
|
|
|
| msosv.dll id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x0330afff | Memory Mapped File | rw |
|
|
|
|
| echo.inf id-bry0hiifvldg0s8v.bdkr | 0x03300000 | 0x03300fff | Memory Mapped File | rw |
|
|
|
|
| rdrmessage.zip id-bry0hiifvldg0s8v.bdkr | 0x03310000 | 0x0331afff | Memory Mapped File | rw |
|
|
|
|
| readermessages id-bry0hiifvldg0s8v.bdkr | 0x03310000 | 0x03311fff | Memory Mapped File | rw |
|
|
|
|
| assetlibrary.ico id-bry0hiifvldg0s8v.bdkr | 0x03310000 | 0x03311fff | Memory Mapped File | rw |
|
|
|
|
| msn autos.url id-bry0hiifvldg0s8v.bdkr | 0x03310000 | 0x03310fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x03310000 | 0x03310fff | Memory Mapped File | rw |
|
|
|
|
| adjacency.thmx id-bry0hiifvldg0s8v.bdkr | 0x03310000 | 0x0331dfff | Memory Mapped File | rw |
|
|
|
|
| msosvint.dll id-bry0hiifvldg0s8v.bdkr | 0x03310000 | 0x03312fff | Memory Mapped File | rw |
|
|
|
|
| bd10219_.gif id-bry0hiifvldg0s8v.bdkr | 0x03310000 | 0x03310fff | Memory Mapped File | rw |
|
|
|
|
| administrator.contact id-bry0hiifvldg0s8v.bdkr | 0x03320000 | 0x03330fff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000003340000 | 0x03340000 | 0x0343ffff | Private Memory | rw |
|
|
|
- |
| evrgreen.elm id-bry0hiifvldg0s8v.bdkr | 0x03340000 | 0x03352fff | Memory Mapped File | rw |
|
|
|
|
| jewel.exe id-bry0hiifvldg0s8v.bdkr | 0x033e0000 | 0x033f2fff | Memory Mapped File | rw |
|
|
|
|
| picking separated lib.exe id-bry0hiifvldg0s8v.bdkr | 0x033e0000 | 0x033f2fff | Memory Mapped File | rw |
|
|
|
|
| hx.hxc id-bry0hiifvldg0s8v.bdkr | 0x033e0000 | 0x033e0fff | Memory Mapped File | rw |
|
|
|
|
| hx.hxt id-bry0hiifvldg0s8v.bdkr | 0x033e0000 | 0x033e0fff | Memory Mapped File | rw |
|
|
|
|
| hxruntime.hxs id-bry0hiifvldg0s8v.bdkr | 0x033e0000 | 0x033e6fff | Memory Mapped File | rw |
|
|
|
|
| keywords.hxk id-bry0hiifvldg0s8v.bdkr | 0x033e0000 | 0x033e0fff | Memory Mapped File | rw |
|
|
|
|
| namedurls.hxk id-bry0hiifvldg0s8v.bdkr | 0x033e0000 | 0x033e0fff | Memory Mapped File | rw |
|
|
|
|
| workflow.visualbasic.targets id-bry0hiifvldg0s8v.bdkr | 0x033e0000 | 0x033e1fff | Memory Mapped File | rw |
|
|
|
|
| dgrmlnch.dll id-bry0hiifvldg0s8v.bdkr | 0x033e0000 | 0x033f4fff | Memory Mapped File | rw |
|
|
|
|
| aiodlite.dll id-bry0hiifvldg0s8v.bdkr | 0x033e0000 | 0x033f9fff | Memory Mapped File | rw |
|
|
|
|
| workflow.targets id-bry0hiifvldg0s8v.bdkr | 0x033f0000 | 0x033f1fff | Memory Mapped File | rw |
|
|
|
|
| sentence-arrive-unnecessary.exe id-bry0hiifvldg0s8v.bdkr | 0x03420000 | 0x03432fff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000003440000 | 0x03440000 | 0x0347ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003480000 | 0x03480000 | 0x0357ffff | Private Memory | rw |
|
|
|
- |
| powerpointmui.msi id-bry0hiifvldg0s8v.bdkr | 0x03580000 | 0x0367ffff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x03580000 | 0x03580fff | Memory Mapped File | rw |
|
|
|
|
| cache.dat id-bry0hiifvldg0s8v.bdkr | 0x03580000 | 0x035b6fff | Memory Mapped File | rw |
|
|
|
|
| mysimon.exe id-bry0hiifvldg0s8v.bdkr | 0x035c0000 | 0x035d2fff | Memory Mapped File | rw |
|
|
|
|
| bhointl.dll id-bry0hiifvldg0s8v.bdkr | 0x035c0000 | 0x035c2fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x035c0000 | 0x035c0fff | Memory Mapped File | rw |
|
|
|
|
| 1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973 id-bry0hiifvldg0s8v.bdkr | 0x035c0000 | 0x035c0fff | Memory Mapped File | rw |
|
|
|
|
| vstaclientpkgui.dll id-bry0hiifvldg0s8v.bdkr | 0x035c0000 | 0x035c2fff | Memory Mapped File | rw |
|
|
|
|
| state.rsm id-bry0hiifvldg0s8v.bdkr | 0x035c0000 | 0x035c0fff | Memory Mapped File | rw |
|
|
|
|
| authzax.dll id-bry0hiifvldg0s8v.bdkr | 0x03600000 | 0x0360dfff | Memory Mapped File | rw |
|
|
|
|
| wouo-ahtdhzs.mp3 id-bry0hiifvldg0s8v.bdkr | 0x03600000 | 0x0360dfff | Memory Mapped File | rw |
|
|
|
|
| yyxxar3wbso-qz5.wav id-bry0hiifvldg0s8v.bdkr | 0x03600000 | 0x03607fff | Memory Mapped File | rw |
|
|
|
|
| get windows live.url id-bry0hiifvldg0s8v.bdkr | 0x03600000 | 0x03600fff | Memory Mapped File | rw |
|
|
|
|
| install.ins id-bry0hiifvldg0s8v.bdkr | 0x03600000 | 0x03600fff | Memory Mapped File | rw |
|
|
|
|
| msaddndr.dll id-bry0hiifvldg0s8v.bdkr | 0x03650000 | 0x03668fff | Memory Mapped File | rw |
|
|
|
|
| ose.exe id-bry0hiifvldg0s8v.bdkr | 0x03650000 | 0x0367afff | Memory Mapped File | rw |
|
|
|
|
| office32ww.xml id-bry0hiifvldg0s8v.bdkr | 0x03670000 | 0x03671fff | Memory Mapped File | rw |
|
|
|
|
| ppcrlui.dll id-bry0hiifvldg0s8v.bdkr | 0x03680000 | 0x036befff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x03a80000 | 0x03a80fff | Memory Mapped File | rw |
|
|
|
|
| microsoft.visualstudio.tools.applications.blueprints.tlb id-bry0hiifvldg0s8v.bdkr | 0x03a80000 | 0x03a87fff | Memory Mapped File | rw |
|
|
|
|
| vstoinstallerui.dll id-bry0hiifvldg0s8v.bdkr | 0x03a80000 | 0x03a82fff | Memory Mapped File | rw |
|
|
|
|
| state.rsm id-bry0hiifvldg0s8v.bdkr | 0x03a80000 | 0x03a80fff | Memory Mapped File | rw |
|
|
|
|
| canyon.elm id-bry0hiifvldg0s8v.bdkr | 0x03a80000 | 0x03a8afff | Memory Mapped File | rw |
|
|
|
|
| help_mkwd_bestbet.h1w id-bry0hiifvldg0s8v.bdkr | 0x03a90000 | 0x03ac2fff | Memory Mapped File | rw |
|
|
|
|
| cgmimp32.flt id-bry0hiifvldg0s8v.bdkr | 0x03ad0000 | 0x03b1ffff | Memory Mapped File | rw |
|
|
|
|
| index.dat id-bry0hiifvldg0s8v.bdkr | 0x03b50000 | 0x03b57fff | Memory Mapped File | rw |
|
|
|
|
| 1w93a.bmp id-bry0hiifvldg0s8v.bdkr | 0x03b60000 | 0x03b68fff | Memory Mapped File | rw |
|
|
|
|
| themes.inf id-bry0hiifvldg0s8v.bdkr | 0x03b60000 | 0x03b61fff | Memory Mapped File | rw |
|
|
|
|
| license id-bry0hiifvldg0s8v.bdkr | 0x03b70000 | 0x03b70fff | Memory Mapped File | rw |
|
|
|
|
| readme.txt id-bry0hiifvldg0s8v.bdkr | 0x03b70000 | 0x03b70fff | Memory Mapped File | rw |
|
|
|
|
| ose.exe id-bry0hiifvldg0s8v.bdkr | 0x03b70000 | 0x03b9afff | Memory Mapped File | rw |
|
|
|
|
| preview.gif id-bry0hiifvldg0s8v.bdkr | 0x03b90000 | 0x03b90fff | Memory Mapped File | rw |
|
|
|
|
| breakpadinjector.dll id-bry0hiifvldg0s8v.bdkr | 0x03ba0000 | 0x03bb2fff | Memory Mapped File | rw |
|
|
|
|
| recentplaces.lnk id-bry0hiifvldg0s8v.bdkr | 0x03bc0000 | 0x03bc0fff | Memory Mapped File | rw |
|
|
|
|
| hxdsui.dll id-bry0hiifvldg0s8v.bdkr | 0x03bc0000 | 0x03bc3fff | Memory Mapped File | rw |
|
|
|
|
| n_6arots1krdxv.bmp id-bry0hiifvldg0s8v.bdkr | 0x03bc0000 | 0x03bcdfff | Memory Mapped File | rw |
|
|
|
|
| vc_runtimeadditional_x64.msi id-bry0hiifvldg0s8v.bdkr | 0x03c10000 | 0x03c32fff | Memory Mapped File | rw |
|
|
|
|
| guest.bmp id-bry0hiifvldg0s8v.bdkr | 0x03c40000 | 0x03c4cfff | Memory Mapped File | rw |
|
|
|
|
| radial.elm id-bry0hiifvldg0s8v.bdkr | 0x03c40000 | 0x03c4bfff | Memory Mapped File | rw |
|
|
|
|
| fm20.chm id-bry0hiifvldg0s8v.bdkr | 0x03c50000 | 0x03ca1fff | Memory Mapped File | rw |
|
|
|
|
| hxdsui.dll id-bry0hiifvldg0s8v.bdkr | 0x03cb0000 | 0x03cb3fff | Memory Mapped File | rw |
|
|
|
|
| addins.store id-bry0hiifvldg0s8v.bdkr | 0x03cb0000 | 0x03cb2fff | Memory Mapped File | rw |
|
|
|
|
| ky4nv51osl2.wav id-bry0hiifvldg0s8v.bdkr | 0x03cc0000 | 0x03cd6fff | Memory Mapped File | rw |
|
|
|
|
| hxdsui.dll id-bry0hiifvldg0s8v.bdkr | 0x03ce0000 | 0x03ce4fff | Memory Mapped File | rw |
|
|
|
|
| state.rsm id-bry0hiifvldg0s8v.bdkr | 0x03ce0000 | 0x03ce0fff | Memory Mapped File | rw |
|
|
|
|
| dwintl20.dll id-bry0hiifvldg0s8v.bdkr | 0x03ce0000 | 0x03cfafff | Memory Mapped File | rw |
|
|
|
|
| network.elm id-bry0hiifvldg0s8v.bdkr | 0x03ce0000 | 0x03cecfff | Memory Mapped File | rw |
|
|
|
|
| asdlfk poopvy.contact id-bry0hiifvldg0s8v.bdkr | 0x03cf0000 | 0x03cf0fff | Memory Mapped File | rw |
|
|
|
|
| preview.gif id-bry0hiifvldg0s8v.bdkr | 0x03cf0000 | 0x03cf0fff | Memory Mapped File | rw |
|
|
|
|
| preview.gif id-bry0hiifvldg0s8v.bdkr | 0x03cf0000 | 0x03cf0fff | Memory Mapped File | rw |
|
|
|
|
| 5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77 id-bry0hiifvldg0s8v.bdkr | 0x03cf0000 | 0x03cf0fff | Memory Mapped File | rw |
|
|
|
|
| liesmich.htm id-bry0hiifvldg0s8v.bdkr | 0x03cf0000 | 0x03cf4fff | Memory Mapped File | rw |
|
|
|
|
| updater.ini id-bry0hiifvldg0s8v.bdkr | 0x05960000 | 0x05960fff | Memory Mapped File | rw |
|
|
|
|
| bd10254_.gif id-bry0hiifvldg0s8v.bdkr | 0x05960000 | 0x05960fff | Memory Mapped File | rw |
|
|
|
|
| bd10255_.gif id-bry0hiifvldg0s8v.bdkr | 0x05960000 | 0x05960fff | Memory Mapped File | rw |
|
|
|
|
| sikvnb huvuib.contact id-bry0hiifvldg0s8v.bdkr | 0x05960000 | 0x05960fff | Memory Mapped File | rw |
|
|
|
|
| preview.gif id-bry0hiifvldg0s8v.bdkr | 0x05980000 | 0x05980fff | Memory Mapped File | rw |
|
|
|
|
| adobesysfnt10.lst id-bry0hiifvldg0s8v.bdkr | 0x059a0000 | 0x059c1fff | Memory Mapped File | rw |
|
|
|
|
| appconfig.zip id-bry0hiifvldg0s8v.bdkr | 0x059d0000 | 0x059d0fff | Memory Mapped File | rw |
|
|
|
|
| 25gnium0ewio7pay.mp3 id-bry0hiifvldg0s8v.bdkr | 0x059e0000 | 0x059e4fff | Memory Mapped File | rw |
|
|
|
|
| 1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973 id-bry0hiifvldg0s8v.bdkr | 0x059e0000 | 0x059e0fff | Memory Mapped File | rw |
|
|
|
|
| bd18180_.wmf id-bry0hiifvldg0s8v.bdkr | 0x059e0000 | 0x059e0fff | Memory Mapped File | rw |
|
|
|
|
| sql70.xsl id-bry0hiifvldg0s8v.bdkr | 0x059e0000 | 0x059e7fff | Memory Mapped File | rw |
|
|
|
|
| j0143744.gif id-bry0hiifvldg0s8v.bdkr | 0x059f0000 | 0x059f0fff | Memory Mapped File | rw |
|
|
|
|
| preview.gif id-bry0hiifvldg0s8v.bdkr | 0x05a20000 | 0x05a20fff | Memory Mapped File | rw |
|
|
|
|
| microsoft.visualstudio.tools.applications.contract.v9.0.dll id-bry0hiifvldg0s8v.bdkr | 0x05a70000 | 0x05a75fff | Memory Mapped File | rw |
|
|
|
|
| preview.gif id-bry0hiifvldg0s8v.bdkr | 0x05a70000 | 0x05a70fff | Memory Mapped File | rw |
|
|
|
|
| sql2000.xsl id-bry0hiifvldg0s8v.bdkr | 0x05a70000 | 0x05a78fff | Memory Mapped File | rw |
|
|
|
|
| preview.gif id-bry0hiifvldg0s8v.bdkr | 0x05a70000 | 0x05a70fff | Memory Mapped File | rw |
|
|
|
|
| aboutbox.zip id-bry0hiifvldg0s8v.bdkr | 0x05cc0000 | 0x05cc8fff | Memory Mapped File | rw |
|
|
|
|
| xmlrw.dll id-bry0hiifvldg0s8v.bdkr | 0x05cc0000 | 0x05ce9fff | Memory Mapped File | rw |
|
|
|
|
| uninstall.exe id-bry0hiifvldg0s8v.bdkr | 0x05cd0000 | 0x05ce9fff | Memory Mapped File | rw |
|
|
|
|
| 6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hiifvldg0s8v.bdkr | 0x05cf0000 | 0x05cf0fff | Memory Mapped File | rw |
|
|
|
|
| d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hiifvldg0s8v.bdkr | 0x05cf0000 | 0x05cf0fff | Memory Mapped File | rw |
|
|
|
|
| leiame.htm id-bry0hiifvldg0s8v.bdkr | 0x05cf0000 | 0x05cf4fff | Memory Mapped File | rw |
|
|
|
|
| class.zip id-bry0hiifvldg0s8v.bdkr | 0x05cf0000 | 0x05cf0fff | Memory Mapped File | rw |
|
|
|
|
| notebook.htm id-bry0hiifvldg0s8v.bdkr | 0x05cf0000 | 0x05cf0fff | Memory Mapped File | rw |
|
|
|
|
| breeze.elm id-bry0hiifvldg0s8v.bdkr | 0x06340000 | 0x0635afff | Memory Mapped File | rw |
|
|
|
|
| 4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398 id-bry0hiifvldg0s8v.bdkr | 0x06360000 | 0x06360fff | Memory Mapped File | rw |
|
|
|
|
| 4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9 id-bry0hiifvldg0s8v.bdkr | 0x06360000 | 0x06360fff | Memory Mapped File | rw |
|
|
|
|
| boldstri.elm id-bry0hiifvldg0s8v.bdkr | 0x06360000 | 0x0636efff | Memory Mapped File | rw |
|
|
|
|
| htg7o60hc.swf id-bry0hiifvldg0s8v.bdkr | 0x06370000 | 0x0637cfff | Memory Mapped File | rw |
|
|
|
|
| satin.elm id-bry0hiifvldg0s8v.bdkr | 0x065c0000 | 0x065d9fff | Memory Mapped File | rw |
|
|
|
|
| local state id-bry0hiifvldg0s8v.bdkr | 0x065e0000 | 0x065f0fff | Memory Mapped File | rw |
|
|
|
|
| ice.inf id-bry0hiifvldg0s8v.bdkr | 0x06700000 | 0x06700fff | Memory Mapped File | rw |
|
|
|
|
| yaqnzp4d-5zdhkihzfc.odp id-bry0hiifvldg0s8v.bdkr | 0x06710000 | 0x06723fff | Memory Mapped File | rw |
|
|
|
|
| directories.acrodata id-bry0hiifvldg0s8v.bdkr | 0x07140000 | 0x07140fff | Memory Mapped File | rw |
|
|
|
|
| frameworklist.xml id-bry0hiifvldg0s8v.bdkr | 0x07140000 | 0x07141fff | Memory Mapped File | rw |
|
|
|
|
| ag00011_.gif id-bry0hiifvldg0s8v.bdkr | 0x07140000 | 0x07141fff | Memory Mapped File | rw |
|
|
|
|
| preview.gif id-bry0hiifvldg0s8v.bdkr | 0x07140000 | 0x07140fff | Memory Mapped File | rw |
|
|
|
|
| adodb.dll id-bry0hiifvldg0s8v.bdkr | 0x07150000 | 0x0716afff | Memory Mapped File | rw |
|
|
|
|
| 7dgl8s-3gjx7.pptx id-bry0hiifvldg0s8v.bdkr | 0x07170000 | 0x07178fff | Memory Mapped File | rw |
|
|
|
|
| maintenanceservice.exe id-bry0hiifvldg0s8v.bdkr | 0x07170000 | 0x0718dfff | Memory Mapped File | rw |
|
|
|
|
| mold.exe id-bry0hiifvldg0s8v.bdkr | 0x07180000 | 0x07192fff | Memory Mapped File | rw |
|
|
|
|
| vstoee100.tlb id-bry0hiifvldg0s8v.bdkr | 0x07190000 | 0x07193fff | Memory Mapped File | rw |
|
|
|
|
| vcredist_x64.exe id-bry0hiifvldg0s8v.bdkr | 0x07190000 | 0x071fffff | Memory Mapped File | rw |
|
|
|
|
| cgmimp32.cfg id-bry0hiifvldg0s8v.bdkr | 0x071a0000 | 0x071a1fff | Memory Mapped File | rw |
|
|
|
|
| dl_res.dll id-bry0hiifvldg0s8v.bdkr | 0x071a0000 | 0x071a2fff | Memory Mapped File | rw |
|
|
|
|
| frameworklist.xml id-bry0hiifvldg0s8v.bdkr | 0x071b0000 | 0x071b1fff | Memory Mapped File | rw |
|
|
|
|
| vstoinstaller.config id-bry0hiifvldg0s8v.bdkr | 0x071b0000 | 0x071b0fff | Memory Mapped File | rw |
|
|
|
|
| d-65aiicrha.docx id-bry0hiifvldg0s8v.bdkr | 0x071c0000 | 0x071c1fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x071c0000 | 0x071c0fff | Memory Mapped File | rw |
|
|
|
|
| ag00004_.gif id-bry0hiifvldg0s8v.bdkr | 0x071c0000 | 0x071c2fff | Memory Mapped File | rw |
|
|
|
|
| publishermui.xml id-bry0hiifvldg0s8v.bdkr | 0x071d0000 | 0x071d0fff | Memory Mapped File | rw |
|
|
|
|
| wscrgb.icc id-bry0hiifvldg0s8v.bdkr | 0x071d0000 | 0x071e0fff | Memory Mapped File | rw |
|
|
|
|
| vc_runtimeminimum_x64.msi id-bry0hiifvldg0s8v.bdkr | 0x071d0000 | 0x071f4fff | Memory Mapped File | rw |
|
|
|
|
| office32mui.xml id-bry0hiifvldg0s8v.bdkr | 0x071e0000 | 0x071e0fff | Memory Mapped File | rw |
|
|
|
|
| help_cvalidator.h1d id-bry0hiifvldg0s8v.bdkr | 0x071f0000 | 0x071f2fff | Memory Mapped File | rw |
|
|
|
|
| microsoft store.url id-bry0hiifvldg0s8v.bdkr | 0x071f0000 | 0x071f0fff | Memory Mapped File | rw |
|
|
|
|
| windows live gallery.url id-bry0hiifvldg0s8v.bdkr | 0x071f0000 | 0x071f0fff | Memory Mapped File | rw |
|
|
|
|
| windows live mail.url id-bry0hiifvldg0s8v.bdkr | 0x071f0000 | 0x071f0fff | Memory Mapped File | rw |
|
|
|
|
| windows live spaces.url id-bry0hiifvldg0s8v.bdkr | 0x071f0000 | 0x071f0fff | Memory Mapped File | rw |
|
|
|
|
| msn entertainment.url id-bry0hiifvldg0s8v.bdkr | 0x071f0000 | 0x071f0fff | Memory Mapped File | rw |
|
|
|
|
| msn money.url id-bry0hiifvldg0s8v.bdkr | 0x071f0000 | 0x071f0fff | Memory Mapped File | rw |
|
|
|
|
| msn sports.url id-bry0hiifvldg0s8v.bdkr | 0x071f0000 | 0x071f0fff | Memory Mapped File | rw |
|
|
|
|
| msn.url id-bry0hiifvldg0s8v.bdkr | 0x071f0000 | 0x071f0fff | Memory Mapped File | rw |
|
|
|
|
| currency.htm id-bry0hiifvldg0s8v.bdkr | 0x071f0000 | 0x071f0fff | Memory Mapped File | rw |
|
|
|
|
| dadshirt.gif id-bry0hiifvldg0s8v.bdkr | 0x071f0000 | 0x071f0fff | Memory Mapped File | rw |
|
|
|
|
| dadshirt.htm id-bry0hiifvldg0s8v.bdkr | 0x071f0000 | 0x071f0fff | Memory Mapped File | rw |
|
|
|
|
| assemblylist_4_extended.xml id-bry0hiifvldg0s8v.bdkr | 0x071f0000 | 0x071f1fff | Memory Mapped File | rw |
|
|
|
|
| acrobatupdater.exe id-bry0hiifvldg0s8v.bdkr | 0x07200000 | 0x07252fff | Memory Mapped File | rw |
|
|
|
|
| 024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b id-bry0hiifvldg0s8v.bdkr | 0x07260000 | 0x07260fff | Memory Mapped File | rw |
|
|
|
|
| setup.xml id-bry0hiifvldg0s8v.bdkr | 0x07260000 | 0x07261fff | Memory Mapped File | rw |
|
|
|
|
| mozilla firefox.lnk id-bry0hiifvldg0s8v.bdkr | 0x07260000 | 0x07260fff | Memory Mapped File | rw |
|
|
|
|
| 0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875 id-bry0hiifvldg0s8v.bdkr | 0x07270000 | 0x07270fff | Memory Mapped File | rw |
|
|
|
|
| office32ww.msi id-bry0hiifvldg0s8v.bdkr | 0x07640000 | 0x0773ffff | Memory Mapped File | rw |
|
|
|
|
| 33udzo u-6j7rjrw.pptx id-bry0hiifvldg0s8v.bdkr | 0x07740000 | 0x07754fff | Memory Mapped File | rw |
|
|
|
|
| 3giufeu.csv id-bry0hiifvldg0s8v.bdkr | 0x07740000 | 0x07741fff | Memory Mapped File | rw |
|
|
|
|
| aythqeh.rtf id-bry0hiifvldg0s8v.bdkr | 0x07740000 | 0x0774afff | Memory Mapped File | rw |
|
|
|
|
| motorola spank thomas.exe id-bry0hiifvldg0s8v.bdkr | 0x07750000 | 0x07762fff | Memory Mapped File | rw |
|
|
|
|
| accessiblemarshal.dll id-bry0hiifvldg0s8v.bdkr | 0x07770000 | 0x07774fff | Memory Mapped File | rw |
|
|
|
|
| hxdsui.dll id-bry0hiifvldg0s8v.bdkr | 0x07880000 | 0x07884fff | Memory Mapped File | rw |
|
|
|
|
| bjvtdw4ma2z4wq.m4a id-bry0hiifvldg0s8v.bdkr | 0x07890000 | 0x078a1fff | Memory Mapped File | rw |
|
|
|
|
| hxdsui.dll id-bry0hiifvldg0s8v.bdkr | 0x078b0000 | 0x078b4fff | Memory Mapped File | rw |
|
|
|
|
| blueprnt.elm id-bry0hiifvldg0s8v.bdkr | 0x079c0000 | 0x079cdfff | Memory Mapped File | rw |
|
|
|
|
| microsoft.visualstudio.tools.applications.comrpcchannel.dll id-bry0hiifvldg0s8v.bdkr | 0x07a00000 | 0x07a09fff | Memory Mapped File | rw |
|
|
|
|
| office10.mmw id-bry0hiifvldg0s8v.bdkr | 0x07a10000 | 0x07a88fff | Memory Mapped File | rw |
|
|
|
|
| preview.gif id-bry0hiifvldg0s8v.bdkr | 0x07b30000 | 0x07b30fff | Memory Mapped File | rw |
|
|
|
|
| ie add-on site.url id-bry0hiifvldg0s8v.bdkr | 0x07c80000 | 0x07c80fff | Memory Mapped File | rw |
|
|
|
|
| ie site on microsoft.com.url id-bry0hiifvldg0s8v.bdkr | 0x07c80000 | 0x07c80fff | Memory Mapped File | rw |
|
|
|
|
| microsoft at home.url id-bry0hiifvldg0s8v.bdkr | 0x07c80000 | 0x07c80fff | Memory Mapped File | rw |
|
|
|
|
| microsoft at work.url id-bry0hiifvldg0s8v.bdkr | 0x07c80000 | 0x07c80fff | Memory Mapped File | rw |
|
|
|
|
| assemblylist_4_client.xml id-bry0hiifvldg0s8v.bdkr | 0x07c90000 | 0x07c93fff | Memory Mapped File | rw |
|
|
|
|
| fbiblio.dll id-bry0hiifvldg0s8v.bdkr | 0x07da0000 | 0x07dbefff | Memory Mapped File | rw |
|
|
|
|
| fdate.dll id-bry0hiifvldg0s8v.bdkr | 0x07da0000 | 0x07db7fff | Memory Mapped File | rw |
|
|
|
|
| adobecmapfnt10.lst id-bry0hiifvldg0s8v.bdkr | 0x07da0000 | 0x07da8fff | Memory Mapped File | rw |
|
|
|
|
| ee7fhwf5ub.wav id-bry0hiifvldg0s8v.bdkr | 0x07da0000 | 0x07db1fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x07db0000 | 0x07db0fff | Memory Mapped File | rw |
|
|
|
|
| recordedtv.library-ms id-bry0hiifvldg0s8v.bdkr | 0x07db0000 | 0x07db0fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x08100000 | 0x08100fff | Memory Mapped File | rw |
|
|
|
|
| user.bmp id-bry0hiifvldg0s8v.bdkr | 0x087f0000 | 0x087fcfff | Memory Mapped File | rw |
|
|
|
|
| aceintl.dll id-bry0hiifvldg0s8v.bdkr | 0x08a00000 | 0x08a30fff | Memory Mapped File | rw |
|
|
|
|
| hxds.dll id-bry0hiifvldg0s8v.bdkr | 0x08a40000 | 0x08b3ffff | Memory Mapped File | rw |
|
|
|
|
| windows6.1-kb2999226-x64.msu id-bry0hiifvldg0s8v.bdkr | 0x08b40000 | 0x08c3cfff | Memory Mapped File | rw |
|
|
|
|
| mpsfc.bin id-bry0hiifvldg0s8v.bdkr | 0x09080000 | 0x090b3fff | Memory Mapped File | rw |
|
|
|
|
| ntuser.dat id-bry0hiifvldg0s8v.bdkr | 0x099c0000 | 0x09a7ffff | Memory Mapped File | rw |
|
|
|
|
| publishermui.msi id-bry0hiifvldg0s8v.bdkr | 0x09c40000 | 0x09d3ffff | Memory Mapped File | rw |
|
|
|
|
| mso.acl id-bry0hiifvldg0s8v.bdkr | 0x09cc0000 | 0x09ccafff | Memory Mapped File | rw |
|
|
|
|
| mso.acl id-bry0hiifvldg0s8v.bdkr | 0x09cd0000 | 0x09cdcfff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x09cd0000 | 0x09cd0fff | Memory Mapped File | rw |
|
|
|
|
| acecache11.lst id-bry0hiifvldg0s8v.bdkr | 0x09cd0000 | 0x09cd0fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-bry0hiifvldg0s8v.bdkr | 0x09cd0000 | 0x09cd0fff | Memory Mapped File | rw |
|
|
|
|
| portalconnect.dll id-bry0hiifvldg0s8v.bdkr | 0x09cd0000 | 0x09cd4fff | Memory Mapped File | rw |
|
|
|
|
| actionspane3.xsd id-bry0hiifvldg0s8v.bdkr | 0x09ce0000 | 0x09ce0fff | Memory Mapped File | rw |
|
|
|
|
| vstoee.dll id-bry0hiifvldg0s8v.bdkr | 0x09ce0000 | 0x09cfefff | Memory Mapped File | rw |
|
|
|
|
| adobe reader x.lnk id-bry0hiifvldg0s8v.bdkr | 0x0b000000 | 0x0b000fff | Memory Mapped File | rw |
|
|
|
|
| office32ww.xml id-bry0hiifvldg0s8v.bdkr | 0x0b000000 | 0x0b001fff | Memory Mapped File | rw |
|
|
|
|
| 58.0.3029.110.manifest id-bry0hiifvldg0s8v.bdkr | 0x0b010000 | 0x0b010fff | Memory Mapped File | rw |
|
|
|
|
| osppc.dll id-bry0hiifvldg0s8v.bdkr | 0x0b010000 | 0x0b034fff | Memory Mapped File | rw |
|
|
|
|
| synchronizationeula.rtf id-bry0hiifvldg0s8v.bdkr | 0x0b020000 | 0x0b03afff | Memory Mapped File | rw |
|
|
|
|
| adjacencymergeletter.dotx id-bry0hiifvldg0s8v.bdkr | 0x0b040000 | 0x0b073fff | Memory Mapped File | rw |
|
|
|
|
| preview.gif id-bry0hiifvldg0s8v.bdkr | 0x0b100000 | 0x0b100fff | Memory Mapped File | rw |
|
|
|
|
| aftrnoon.elm id-bry0hiifvldg0s8v.bdkr | 0x0b110000 | 0x0b11efff | Memory Mapped File | rw |
|
|
|
|
| axis.elm id-bry0hiifvldg0s8v.bdkr | 0x0b120000 | 0x0b138fff | Memory Mapped File | rw |
|
|
|
|
| windows6.1-kb2999226-x64.msu id-bry0hiifvldg0s8v.bdkr | 0x0ba40000 | 0x0bb37fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x0bb70000 | 0x0bb70fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x0bb70000 | 0x0bb70fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x0bb70000 | 0x0bb70fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x0bb70000 | 0x0bb70fff | Memory Mapped File | rw |
|
|
|
|
| e0cfmadmu03fxj-.odp id-bry0hiifvldg0s8v.bdkr | 0x0bb70000 | 0x0bb76fff | Memory Mapped File | rw |
|
|
|
|
| bd10253_.gif id-bry0hiifvldg0s8v.bdkr | 0x0bb70000 | 0x0bb70fff | Memory Mapped File | rw |
|
|
|
|
| palmer still equations.exe id-bry0hiifvldg0s8v.bdkr | 0x0bcc0000 | 0x0bcd2fff | Memory Mapped File | rw |
|
|
|
|
| leggimi.htm id-bry0hiifvldg0s8v.bdkr | 0x0bf30000 | 0x0bf34fff | Memory Mapped File | rw |
|
|
|
|
| clickonce_bootstrap.exe id-bry0hiifvldg0s8v.bdkr | 0x0bf30000 | 0x0bf33fff | Memory Mapped File | rw |
|
|
|
|
| vstoee.dll id-bry0hiifvldg0s8v.bdkr | 0x0c7c0000 | 0x0c7edfff | Memory Mapped File | rw |
|
|
|
|
| mcabout.htm id-bry0hiifvldg0s8v.bdkr | 0x0ccc0000 | 0x0ccc2fff | Memory Mapped File | rw |
|
|
|
|
| reader_10.0.helpcfg id-bry0hiifvldg0s8v.bdkr | 0x0ccd0000 | 0x0ccd0fff | Memory Mapped File | rw |
|
|
|
|
| appconfigurationinternal.zip id-bry0hiifvldg0s8v.bdkr | 0x0ccd0000 | 0x0ccd0fff | Memory Mapped File | rw |
|
|
|
|
| vc_runtimeminimum_x64.msi id-bry0hiifvldg0s8v.bdkr | 0x0ce00000 | 0x0ce23fff | Memory Mapped File | rw |
|
|
|
|
| echo.elm id-bry0hiifvldg0s8v.bdkr | 0x0ce30000 | 0x0ce3bfff | Memory Mapped File | rw |
|
|
|
|
| as80.xsl id-bry0hiifvldg0s8v.bdkr | 0x0d0c0000 | 0x0d0c4fff | Memory Mapped File | rw |
|
|
|
|
| setup.xml id-bry0hiifvldg0s8v.bdkr | 0x0d0c0000 | 0x0d0c0fff | Memory Mapped File | rw |
|
|
|
|
| vstoinstaller.exe id-bry0hiifvldg0s8v.bdkr | 0x0d0c0000 | 0x0d0d5fff | Memory Mapped File | rw |
|
|
|
|
| install.ins id-bry0hiifvldg0s8v.bdkr | 0x0d0d0000 | 0x0d0d0fff | Memory Mapped File | rw |
|
|
|
|
| application.ini id-bry0hiifvldg0s8v.bdkr | 0x0d0d0000 | 0x0d0d0fff | Memory Mapped File | rw |
|
|
|
|
| eeintl.dll id-bry0hiifvldg0s8v.bdkr | 0x0d1a0000 | 0x0d1affff | Memory Mapped File | rw |
|
|
|
|
| msgfilt.dll id-bry0hiifvldg0s8v.bdkr | 0x0d1a0000 | 0x0d1a9fff | Memory Mapped File | rw |
|
|
|
|
| workflow.targets id-bry0hiifvldg0s8v.bdkr | 0x0d1b0000 | 0x0d1b1fff | Memory Mapped File | rw |
|
|
|
|
| powerpointmui.xml id-bry0hiifvldg0s8v.bdkr | 0x0d1b0000 | 0x0d1b0fff | Memory Mapped File | rw |
|
|
|
|
| vc_runtimeadditional_x86.msi id-bry0hiifvldg0s8v.bdkr | 0x0d1c0000 | 0x0d1e2fff | Memory Mapped File | rw |
|
|
|
|
| cagcat10.mml id-bry0hiifvldg0s8v.bdkr | 0x0d410000 | 0x0d45cfff | Memory Mapped File | rw |
|
|
|
|
| crashreporter.exe id-bry0hiifvldg0s8v.bdkr | 0x0d460000 | 0x0d47cfff | Memory Mapped File | rw |
|
|
|
|
| branding.xml id-bry0hiifvldg0s8v.bdkr | 0x0d5c0000 | 0x0d651fff | Memory Mapped File | rw |
|
|
|
|
| ice.elm id-bry0hiifvldg0s8v.bdkr | 0x0d6a0000 | 0x0d6b0fff | Memory Mapped File | rw |
|
|
|
|
| jaucheck.exe id-bry0hiifvldg0s8v.bdkr | 0x0d800000 | 0x0d83cfff | Memory Mapped File | rw |
|
|
|
|
| adjacencyletter.dotx id-bry0hiifvldg0s8v.bdkr | 0x0d840000 | 0x0d872fff | Memory Mapped File | rw |
|
|
|
|
| vc_runtimeadditional_x64.msi id-bry0hiifvldg0s8v.bdkr | 0x0d8c0000 | 0x0d8e2fff | Memory Mapped File | rw |
|
|
|
|
| apex.thmx id-bry0hiifvldg0s8v.bdkr | 0x0da80000 | 0x0dabffff | Memory Mapped File | rw |
|
|
|
|
| office32ww.msi id-bry0hiifvldg0s8v.bdkr | 0x0dac0000 | 0x0dbbffff | Memory Mapped File | rw |
|
|
|
|
| adberdrsecupd10111.msp id-bry0hiifvldg0s8v.bdkr | 0x0dac0000 | 0x0dafdfff | Memory Mapped File | rw |
|
|
|
|
| accessmuiset.msi id-bry0hiifvldg0s8v.bdkr | 0x0dd40000 | 0x0de14fff | Memory Mapped File | rw |
|
|
|
|
| hxdsui.dll id-bry0hiifvldg0s8v.bdkr | 0x0de60000 | 0x0de64fff | Memory Mapped File | rw |
|
|
|
|
| hxdsui.dll id-bry0hiifvldg0s8v.bdkr | 0x0de70000 | 0x0de74fff | Memory Mapped File | rw |
|
|
|
|
| assets.accdt id-bry0hiifvldg0s8v.bdkr | 0x0f500000 | 0x0f5fdfff | Memory Mapped File | rw |
|
|
|
|
| ose.exe id-bry0hiifvldg0s8v.bdkr | 0x0fd80000 | 0x0fdaafff | Memory Mapped File | rw |
|
|
|
|
| accddsui.dll id-bry0hiifvldg0s8v.bdkr | 0x113d0000 | 0x113d5fff | Memory Mapped File | rw |
|
|
|
|
| hxdsui.dll id-bry0hiifvldg0s8v.bdkr | 0x113d0000 | 0x113d3fff | Memory Mapped File | rw |
|
|
|
|
| msoeuro.dll id-bry0hiifvldg0s8v.bdkr | 0x113e0000 | 0x113e7fff | Memory Mapped File | rw |
|
|
|
|
| as80.xsl id-bry0hiifvldg0s8v.bdkr | 0x113e0000 | 0x113e4fff | Memory Mapped File | rw |
|
|
|
|
| hxdsui.dll id-bry0hiifvldg0s8v.bdkr | 0x114f0000 | 0x114f3fff | Memory Mapped File | rw |
|
|
|
|
| hxdsui.dll id-bry0hiifvldg0s8v.bdkr | 0x11500000 | 0x11504fff | Memory Mapped File | rw |
|
|
|
|
| groovelr.cab id-bry0hiifvldg0s8v.bdkr | 0x11510000 | 0x1160ffff | Memory Mapped File | rw |
|
|
|
|
| chineset.shx id-bry0hiifvldg0s8v.bdkr | 0x11610000 | 0x116b2fff | Memory Mapped File | rw |
|
|
|
|
| everywhere.search-ms id-bry0hiifvldg0s8v.bdkr | 0x11d70000 | 0x11d70fff | Memory Mapped File | rw |
|
|
|
|
| indexed locations.search-ms id-bry0hiifvldg0s8v.bdkr | 0x11d70000 | 0x11d70fff | Memory Mapped File | rw |
|
|
|
|
| hxdsui.dll id-bry0hiifvldg0s8v.bdkr | 0x11db0000 | 0x11db4fff | Memory Mapped File | rw |
|
|
|
|
| eclipse.elm id-bry0hiifvldg0s8v.bdkr | 0x11ef0000 | 0x11f0cfff | Memory Mapped File | rw |
|
|
|
|
| projectmui.msi id-bry0hiifvldg0s8v.bdkr | 0x12410000 | 0x1250ffff | Memory Mapped File | rw |
|
|
|
|
| ose.exe id-bry0hiifvldg0s8v.bdkr | 0x128d0000 | 0x128fafff | Memory Mapped File | rw |
|
|
|
|
| vcredist_x86.exe id-bry0hiifvldg0s8v.bdkr | 0x12a10000 | 0x12a81fff | Memory Mapped File | rw |
|
|
|
|
| eqnedt32.hlp id-bry0hiifvldg0s8v.bdkr | 0x12a40000 | 0x12a6bfff | Memory Mapped File | rw |
|
|
|
|
| 0tuiom62.m4a id-bry0hiifvldg0s8v.bdkr | 0x12a50000 | 0x12a62fff | Memory Mapped File | rw |
|
|
|
|
| microsoft.visualstudio.tools.office.appinfodocument.v9.0.dll id-bry0hiifvldg0s8v.bdkr | 0x12a90000 | 0x12aaffff | Memory Mapped File | rw |
|
|
|
|
| vcredist_x86.exe id-bry0hiifvldg0s8v.bdkr | 0x12ef0000 | 0x12f5ffff | Memory Mapped File | rw |
|
|
|
|
| bigfont.shx id-bry0hiifvldg0s8v.bdkr | 0x12f50000 | 0x12f9ffff | Memory Mapped File | rw |
|
|
|
|
| eqnedt32.exe id-bry0hiifvldg0s8v.bdkr | 0x12fa0000 | 0x13024fff | Memory Mapped File | rw |
|
|
|
|
| cat.exe id-bry0hiifvldg0s8v.bdkr | 0x13450000 | 0x13462fff | Memory Mapped File | rw |
|
|
|
|
| cab1.cab id-bry0hiifvldg0s8v.bdkr | 0x13450000 | 0x13543fff | Memory Mapped File | rw |
|
|
|
|
| finds_lingerie_candy.exe id-bry0hiifvldg0s8v.bdkr | 0x136f0000 | 0x13702fff | Memory Mapped File | rw |
|
|
|
|
| mscdm.dll id-bry0hiifvldg0s8v.bdkr | 0x140d0000 | 0x14136fff | Memory Mapped File | rw |
|
|
|
|
| mslid.dll id-bry0hiifvldg0s8v.bdkr | 0x14140000 | 0x141d0fff | Memory Mapped File | rw |
|
|
|
|
| vc_redist.x86.exe id-bry0hiifvldg0s8v.bdkr | 0x16050000 | 0x1610efff | Memory Mapped File | rw |
|
|
|
|
| au.cab id-bry0hiifvldg0s8v.bdkr | 0x16110000 | 0x1619efff | Memory Mapped File | rw |
|
|
|
|
| msdia100.dll id-bry0hiifvldg0s8v.bdkr | 0x16810000 | 0x168d3fff | Memory Mapped File | rw |
|
|
|
|
| feedsync.dll id-bry0hiifvldg0s8v.bdkr | 0x17310000 | 0x17348fff | Memory Mapped File | rw |
|
|
|
|
| portalconnectcore.dll id-bry0hiifvldg0s8v.bdkr | 0x18750000 | 0x187d7fff | Memory Mapped File | rw |
|
|
|
|
| microsoft.visualstudio.tools.applications.project.dll id-bry0hiifvldg0s8v.bdkr | 0x18860000 | 0x18885fff | Memory Mapped File | rw |
|
|
|
|
| msdia100.dll id-bry0hiifvldg0s8v.bdkr | 0x18c10000 | 0x18d01fff | Memory Mapped File | rw |
|
|
|
|
| inflr.cab id-bry0hiifvldg0s8v.bdkr | 0x18d50000 | 0x18e4ffff | Memory Mapped File | rw |
|
|
|
|
| fpsrvutl.dll id-bry0hiifvldg0s8v.bdkr | 0x19890000 | 0x1998ffff | Memory Mapped File | rw |
|
|
|
|
| chrysanthemum.jpg id-bry0hiifvldg0s8v.bdkr | 0x1ba90000 | 0x1bb66fff | Memory Mapped File | rw |
|
|
|
|
| office32mui.msi id-bry0hiifvldg0s8v.bdkr | 0x1c990000 | 0x1ca65fff | Memory Mapped File | rw |
|
|
|
|
| sqlceca35.dll id-bry0hiifvldg0s8v.bdkr | 0x1e360000 | 0x1e3ebfff | Memory Mapped File | rw |
|
|
|
|
| office32ww.msi id-bry0hiifvldg0s8v.bdkr | 0x1e860000 | 0x1e95ffff | Memory Mapped File | rw |
|
|
|
|
| onenotemui.msi id-bry0hiifvldg0s8v.bdkr | 0x1f460000 | 0x1f55ffff | Memory Mapped File | rw |
|
|
|
|
| msb1enfr.its id-bry0hiifvldg0s8v.bdkr | 0x1f660000 | 0x1f746fff | Memory Mapped File | rw |
|
|
|
|
| msdia80.dll id-bry0hiifvldg0s8v.bdkr | 0x23a60000 | 0x23b3ffff | Memory Mapped File | rw |
|
|
|
|
| cab1.cab id-bry0hiifvldg0s8v.bdkr | 0x23b40000 | 0x23c05fff | Memory Mapped File | rw |
|
|
|
|
| cab1.cab id-bry0hiifvldg0s8v.bdkr | 0x24410000 | 0x244d8fff | Memory Mapped File | rw |
|
|
|
|
| microsoft.visualstudio.tools.applications.adapter.dll id-bry0hiifvldg0s8v.bdkr | 0x259a0000 | 0x259d3fff | Memory Mapped File | rw |
|
|
|
|
| adberdrupd10116_mui.msp id-bry0hiifvldg0s8v.bdkr | 0x26e60000 | 0x26f5ffff | Memory Mapped File | rw |
|
|
|
|
| vbe7.dll id-bry0hiifvldg0s8v.bdkr | 0x280e0000 | 0x281dffff | Memory Mapped File | rw |
|
|
|
|
| msb1enes.its id-bry0hiifvldg0s8v.bdkr | 0x2a2e0000 | 0x2a3cefff | Memory Mapped File | rw |
|
|
|
|
| davclnt.dll | 0x74f30000 | 0x74f46fff | Memory Mapped File | rwx |
|
|
|
- |
| ntlanman.dll | 0x74f80000 | 0x74f93fff | Memory Mapped File | rwx |
|
|
|
- |
| winsta.dll | 0x74fa0000 | 0x74fc8fff | Memory Mapped File | rwx |
|
|
|
- |
| drprov.dll | 0x74fd0000 | 0x74fd7fff | Memory Mapped File | rwx |
|
|
|
- |
| davhlpr.dll | 0x74fe0000 | 0x74fe7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x74ff0000 | 0x74ff7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x75000000 | 0x7505bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x75060000 | 0x7509efff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x750a0000 | 0x750b1fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x75120000 | 0x75140fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x75150000 | 0x752edfff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x752f0000 | 0x753e4fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x753f0000 | 0x7546ffff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x75470000 | 0x7547afff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x75480000 | 0x75496fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x754a0000 | 0x754dafff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x754e0000 | 0x754f5fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x75600000 | 0x7560bfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75610000 | 0x7566ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x75720000 | 0x757bffff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x757c0000 | 0x758cffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x758d0000 | 0x7596cfff | Memory Mapped File | rwx |
|
|
|
- |
| wldap32.dll | 0x75a10000 | 0x75a54fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x75a70000 | 0x75a79fff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x75a80000 | 0x75b74fff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x75b80000 | 0x75d7afff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x75d80000 | 0x75e9cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75ea0000 | 0x75f6bfff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x75f70000 | 0x75f7bfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75f80000 | 0x75fdffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75fe0000 | 0x7608bfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76090000 | 0x7617ffff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x761b0000 | 0x761c8fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x761d0000 | 0x76226fff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x76230000 | 0x76256fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x76260000 | 0x762a5fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x762b0000 | 0x7633efff | Memory Mapped File | rwx |
|
|
|
- |
| setupapi.dll | 0x76340000 | 0x764dcfff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x764e0000 | 0x7663bfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x76640000 | 0x766c2fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x766d0000 | 0x7675ffff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x76760000 | 0x76895fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x768a0000 | 0x768b1fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x76900000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x775b0000 | 0x776affff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000776b0000 | 0x776b0000 | 0x777a9fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000777b0000 | 0x777b0000 | 0x778cefff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x778d0000 | 0x77a78fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ab0000 | 0x77c2ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef95000 | 0x7ef95000 | 0x7ef97fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef98000 | 0x7ef98000 | 0x7ef9afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 2043 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 2.17 KB |
MD5:
f582a3b901c7810826d7f22e0e505689
SHA1: da29c93c472b87ef2272adba5662e64905fe48fd SHA256: 3baae0486dabb86d11819309c1b6ab283179aeaf4f3a3d801ee162467f852a26 SSDeep: 3:: |
|
|
| \\?\C:\Program Files (x86)\Common Files\constitute_appropriate_sorry.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
801fc65b70eff4b604eb76704b16f823
SHA1: 4433ba91617a620913054b2f6634d2e7b4b05eba SHA256: de142cbab86ef799d82abe9b7053e068f3f383276b6f0d6c1d570bddfc1dfc58 SSDeep: 1536:G1qk/yJ8saiTX2AYuq2ROKolFLK/mskcmDQ5GCWwMkQvWiXrEWx4:KqkqJ8YbDrwLxsYQA7vWiXg84 |
|
|
| \\?\C:\Program Files\Windows Mail\sims.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
96da6101cb717108db4137fffd606bcf
SHA1: ed8f586365be0f73dc3abd76991eb97ee36b5373 SHA256: 8cc69e7dd8bfb8ec26283fba407f1cd2698bd12f76b64f1e5d6658683c397f83 SSDeep: 1536:xcUopVBe7mI+mGyHX/lnGryqLFKS6YbuUhct8YG1QVQ8VMV:x16074yPutBb/hcf1VQ+C |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\LtrqqbP.mkv id-bry0hIIfVldG0S8v.BDKR | 53.06 KB |
MD5:
6bbce428735936b71b15bc4427b05d34
SHA1: a32ce0b0b7f04bc0bf978f88aa9d71c3cd2de43b SHA256: 0e261927eb46a24fa2ded108ec305738d161e08226882e3c654a712fac1773a9 SSDeep: 1536:rHcxTaIZelPZUxIIF0jA7rOpNWi/HXAiEOyjtwdvoe:+dGPeuIF0EwF/XAHphq |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\f8Ro3n.pptx id-bry0hIIfVldG0S8v.BDKR | 65.33 KB |
MD5:
1b69f3a3d55ac1ee35cfe684a83775bb
SHA1: c66c3d620465a6ab0073becdb8da62559ccf53ae SHA256: efb25ca61318c15323c8413755ea2dbbbfeaf2b6a37395003f6bfa034416f514 SSDeep: 1536:OG3vQ1Q/D0UIlEz+QiQB6/vGzYaYDMYumqoqjV8p1Pq:Ou4K/D0UIlEKOE/vGzUgYHqoWqpxq |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\17OCGHFRMI5H.jpg id-bry0hIIfVldG0S8v.BDKR | 66.07 KB |
MD5:
4554457e0b193d3be1e197676e45e4e5
SHA1: 70d06448e5d4be6e550f455366ec1ef87334c8cb SHA256: 0cfeb2fc6088edf45cb10d5623cd726a2d6c13c89554fe932d9cc6c6f9792dc9 SSDeep: 1536:4xKPHJuJiK73KzzHNDgD9tMXLz7TFTDjaZyZbJ:S0UJ973K3tcD9t2zPhSobJ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fcr.exe | 10.00 KB |
MD5:
f1927e7f90416bf39fc7991bbc57e1b3
SHA1: 2367249568ca4a34f8824a9313b03d16d1d7c0bc SHA256: 539b0b5d54757e8a2b754ecdc2939eb7cf9db0ed1728e0eca407500222668505 SSDeep: 192:yrj2/2OzcYKNEmkmTjtiIKZIF/2oQlLkMBBm4C:j/2OzcJNEmkmTjkI/92oQjBU7 |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\Tly1NB.mkv id-bry0hIIfVldG0S8v.BDKR | 85.99 KB |
MD5:
358eb6fccde341dd0678e9ef5df60e88
SHA1: 0fbce4b5ea189213769cf83b1d8763322702769d SHA256: 57ba8285efd1bdfb6dbff4af61c1ba1fe79c92f01d29ea9e24b53d17ad7ec08b SSDeep: 1536:RazZI0oJ619gGcxiu4R7k6WcP/i/cmzj15Ejn:RWRO61eGUWxhWcPOcmFm7 |
|
|
| \\?\C:\Program Files (x86)\Adobe\Reader 10.0\IrakHau.htm id-bry0hIIfVldG0S8v.BDKR | 18.13 KB |
MD5:
eb73bb3968e73b83a7c578433aea7442
SHA1: 5c661c737ad8f50d770acb947dcb90a2836bd93e SHA256: 207f1d92025943a30a44180117edae22bbe81a5dea8fc771b7181fd5b375f620 SSDeep: 384:gFAYLZ32R0bNRq0+uNXAvSC26Wy7h3dv1fkoTtkZFu7CbEC:gFxBNRrNBAFB7FdtaFu7m |
|
|
| \\?\C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL id-bry0hIIfVldG0S8v.BDKR | 54.38 KB |
MD5:
8d143e332d58077c273354287b67d3c6
SHA1: 6a4fe65f9b3870387d01bacc8747cc0f3942765b SHA256: 3760da5e0ef923ff826017186e1762024018a62c4304b3da6477e26497c0599b SSDeep: 1536:dgrZnGvBrHtH/MXONT7YbEn7UEPzwgYXWqVXL:dnvBrNHkeObgZzhGXL |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\JwY69bt7Heb.flv id-bry0hIIfVldG0S8v.BDKR | 24.75 KB |
MD5:
4809344f7f1ec9cd59e44afcd75ea10c
SHA1: eae26966a882110f209467da3f0687f68e1c0251 SHA256: 9c30c8beb7b986eb43db62b37ef73eef375637e60f3fdebe6af9819858150733 SSDeep: 768:ap5+uaSOq1Kz5qm3bRRPivvdETviCCewWg5UjBIgH6D:U+ufPKtqm3XQEH4y1IgaD |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\8xX2fIJi.swf id-bry0hIIfVldG0S8v.BDKR | 30.52 KB |
MD5:
598bc0fc15b94d3f796a6ed28626b07a
SHA1: 291150488e95f5fff97cf3511de8a645f96b3a14 SHA256: 3d2631ebc9137225695dabee799e2c9196dcefe01e2cf7e0e2f38b69f9b98687 SSDeep: 768:9gH39Wm03xz1nf4F45FHgcSdIx9i90wUSHT78gXgv:9gc5c4LH+Cb/Sn8gXW |
|
|
| \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico id-bry0hIIfVldG0S8v.BDKR | 6.80 KB |
MD5:
7d17d933e11a9df9b0b91d6255f17edd
SHA1: 0c8c12a25cdac091570c61cad4397c8f58363458 SHA256: d80b778b9b408819497661d242ee757b5ba927ee5d4f945e52507ff0fbf19bb5 SSDeep: 96:Ri6LMduVF3fIbGpgHuc9FFsxznbMG7AGNNLd91JYFdhjWJyGtLJrI:RLLBVBwbeTacbYG7VTd9qqpC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\ArpKK-QGNbVoL.flv id-bry0hIIfVldG0S8v.BDKR | 100.90 KB |
MD5:
0789e039a5565ead33cd4977f8ca2720
SHA1: aa6e11457c4c8ea96e343d2ae0600ea657aa0134 SHA256: 94c238c7fe6fdf746d9c506953a181411f0fcd5e6fda2feabde2eb71dd1339d8 SSDeep: 3072:YjcEYMjLvPA29MWgdnal6gDMOj17r/TgnJv8kjnp+pvu:RMjTPDydallDr17rrgn3Yc |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\69-LUmry m-.bmp id-bry0hIIfVldG0S8v.BDKR | 67.16 KB |
MD5:
7739b67cfa2308436f07c2b0d3a18471
SHA1: 20ed136bcc8b0704175c7331116707c0dbed6cff SHA256: c0271950ed4931d7e621cd91815ca08a026926c6c8fc06e72c9efe315ca79449 SSDeep: 1536:Wi2VVP6dJUTM+n2erkwZWJZUfSFM0X30R9VvwaTOV4Oh:WpVPUJGVn2XuuUSF/0Rj3TOVh |
|
|
| \\?\C:\BOOTSECT.BAK id-bry0hIIfVldG0S8v.BDKR | 9.50 KB |
MD5:
e559c8f71c2c05152bdee0b19369a4ef
SHA1: 495aa1177edb89d2587f8ebe4b5ac7f882f672e9 SHA256: 143fa2c75ce4c21254f9c497658968abf051de946d20081e9b9fd1a8952ce164 SSDeep: 192:KU7zRENZwrlAv4L6mugT/72rE5qXY17o3ZdvPnLWSY+WJdoBQKCBQ22rGCC:KU7SNmr24t3T/72rrXY1YvPnCgNNgFAi |
|
|
| \\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL id-bry0hIIfVldG0S8v.BDKR | 50.87 KB |
MD5:
3d7b32296f8a276e18c8ccde042f5ebd
SHA1: c2d8ceded0f53363d61842b50ca0a780da8f367a SHA256: a7b1c784e612dcc6cd8b67d51d5546d75445ee7ed4665d1be2d45c69a17d94f2 SSDeep: 1536:O+ohZiGTY4RCj3uE6mf9CDxbLQttq5C3eKl:OVmG8hj3uEjf9CDxbLQTq8Jl |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\D3kKjfyCTl.avi id-bry0hIIfVldG0S8v.BDKR | 89.78 KB |
MD5:
5bf4c15ab027ee29f3bdb1de392eff85
SHA1: d36bee25b3344cfdaff6ff777f8d66c2407a8e0c SHA256: 732cda4b99eb64d1eee884fee3c001e84137f10dfcc59b33fea42a7b2aff05f9 SSDeep: 1536:Hg/GCzed6w7G19/nw/yURksUSjMf0rk+qh2k9VRBmUCblNiQAngTtTWVlf9KVH3e:A/a8bPw/y+U2M1phBVPmUCblQJn0TWVD |
|
|
| \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest id-bry0hIIfVldG0S8v.BDKR | 1.72 KB |
MD5:
df620193f5a10255319b622cb7fa0a7e
SHA1: 6ba3131e8a3f4c6d3a706ac529ec1509cd2acf9c SHA256: b864dc60ce46818e849d55ec785f26dbb0f9721cb6275bf4d6c0a951c72c416f SSDeep: 24:Sl5YJIhHGSISyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:SnLHGxq4YJI+8rlf4I |
|
|
| \\?\C:\Program Files\Windows Media Player\sentence-arrive-unnecessary.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
413b407e077da9fa9c741c0493ab8a2e
SHA1: 1209f72ea4aa883ec51867dda7a389ee7bda16c9 SHA256: 252cb1534778d4fefe3da49ea3336a8efb94a0ec0a7d087fdc6a8e1513d1a335 SSDeep: 1536:JYIZRHHoESmuinEy1kWOWbi48X7vQech14tY:JZHHoESmuiEy13aDIeY14q |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4JBCyaw.csv id-bry0hIIfVldG0S8v.BDKR | 92.72 KB |
MD5:
c1389180f9ecafc8580c3e6904ff4085
SHA1: f0b7044bf9b1d26cc00dbc35e767d46b79cac1b5 SHA256: 0cfa657ff28a29bb3bc6197d1a16274a1484d82c2a7b49a1efcd8aafab89dd13 SSDeep: 1536:ymUVlDZoC+jdt1JI2gQ8w+eQI07VWSaPOPWkHD4+C4mHdyHzWoCyEIaO4Y/r:yZDZUW2gHwplYNE1kj4PdyREI+Y/r |
|
|
| \\?\C:\Program Files\Windows Defender\picking separated lib.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
e509cd916aebab4db072fc364c5e1ec1
SHA1: 08be03159771efe63ba6db1f607b483695267de8 SHA256: 4e6d796716a369116216302d2eac6a2e4db64522db40ee117b986dc745f5b54d SSDeep: 1536:sJa6dbOhr6zEN54jZm1p1MB/Fu1985VThJD27GEGWMT33SSGrT5:sJa6dahmoN5sZE1cFuLSVTI+L8 |
|
|
| \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR | 1.95 KB |
MD5:
a2dec721264954257b3ea07a070a517f
SHA1: 6f5571b9382f1830547799528108e3fe202ec740 SHA256: 719d1cc79f7bf4b3144e9502285ca91e617c8a6371bd1cddd3b3a33e38975041 SSDeep: 24:xwCQEh93RbNrYf9xaP5WJHU5osnL+FJ+k9yjyt7A9KMYVP3NY3z3m8MGQ2bkRyIV:xJZz3R58FxO3+Yo+kDq4YJI+8rlf4I |
|
|
| \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Benioku.htm id-bry0hIIfVldG0S8v.BDKR | 18.10 KB |
MD5:
511fe10185620f8c814ab724e9b6570d
SHA1: 252b3ff3dffd861d0f06065c53049da0e04dceab SHA256: 68f38e3ac6ac6c96f78a6c5e647aff8506faf1240fb2af53833a8f6ab8613563 SSDeep: 384:UifYJsfCxCxqJFniH/2JJPOQ0EUlxyvFwvGRG5AiMPTUdlK9pgl97e0uTRuQCUC:URJsfJgFnnJ88wv/ruIRe0uTgb |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3_jeQviZoYNlnOtMBcq.png id-bry0hIIfVldG0S8v.BDKR | 98.88 KB |
MD5:
b106d41e581b87a8ef8acd3365828e35
SHA1: f11ef26f1d8586e02942eaca3704835e1223666a SHA256: 55212888814ea0bebecdb58d6444035eeadce5f5e46c09ccf7cc623fd57800a3 SSDeep: 3072:4mDB62Y7TFdZrbdxlbFQxtwG6DxA1B+K22:r/Y75v1xlFQxtEDxUF22 |
|
|
| \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR | 4.02 KB |
MD5:
6a4a6981520710bef83e74c9d054e321
SHA1: f0fc015f4e9b0dd0843a6d51bda9e3ac425d41cb SHA256: daf2a7d354108faf7eadae2991470ea4ac5423f8e908738263b5936f8a7be998 SSDeep: 96:gaiJHVUe5gOZy5HX+zWWOEnkJcFxb6RkhQW3+0A7GLJrI:gBYwgVHX+artuFxb6yhQS+X7GC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\GcQTiaw8mWqp.mp3 id-bry0hIIfVldG0S8v.BDKR | 58.83 KB |
MD5:
5ff18865e2a2343565936c7f68fdbf35
SHA1: f0b10758a4a484c82080a984801c813b703fe573 SHA256: fc3cd48490913fdde3350b81ce5f54ab881d5c5cf2f2080b44663c79d3f133c3 SSDeep: 1536:wKJP+HxFXZ205bYZmQZvFKNsE6KvyWzCJF825t9:w7HjoiJikN/6KeTdP |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 2.01 KB |
MD5:
b7aff0fb1d94a495bf85b0d575edc70f
SHA1: 5fbea8c273b8118ad86f148f195cc4de58c6de21 SHA256: daf94049db58c8fa57887794360d8303cb5300c1ad1463ba0d499e8562784197 SSDeep: 24:rSf8O9yaBxUrqccAPAF/GJPQxneoVaxXyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rt:g8OBBldZZuiq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6wzmOUQs0Tg8egP.jpg id-bry0hIIfVldG0S8v.BDKR | 92.55 KB |
MD5:
a0c8262200e37aed846edd3e24b90bea
SHA1: ff21f4533a8aa6f5e8c87d5869c8c0b58fdb850e SHA256: 7c8a1cb924a91217f825350132550b1ec2d49ec416d8521671ccf2a72dc7fbcc SSDeep: 1536:v4j8Z0cQpi6rPtH4+X7eM/46OmeL3Rh4Y6CSff8Y3S6xIa3bUKpiFKgzmCrl9Naz:v4jls6rPtH4+X6cO/h4Y6C6fp9OqNQzC |
|
|
| \\?\C:\Program Files (x86)\MSBuild\moore-encouraging-percent.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
f1987a1019e00f506dfbbcecec85c0ee
SHA1: 28c18690ed1accf76607369fb426c7b33f6d6ac8 SHA256: 52f655d654a44f726863dd5edc7411e9f74b401a9c5128d4415469f39cd0d3d8 SSDeep: 1536:uVQkLtGN81GBTDUYWJik+sWRR++TvC8CaTH7eH4a6lLUxro:eQkkJyH+sKI+19GYa6ZUy |
|
|
| \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF id-bry0hIIfVldG0S8v.BDKR | 7.36 KB |
MD5:
a2c7c6ecd7fad6540453e0f1f5fc704f
SHA1: c23a17c32d9d58ad98c090f687d4c142df3a146f SHA256: b1f61bd80ff9770590955f6840e441f6338e13ad45abda878609669419f13965 SSDeep: 192:7EuSJ3T5bMTdghDw7t6BenyP+Es1fjv1th8COwC:ou6dBS7eP+BFjdtTC |
|
|
| \\?\C:\Program Files (x86)\Java\jre7\COPYRIGHT id-bry0hIIfVldG0S8v.BDKR | 4.83 KB |
MD5:
5d34e1f75a73745fb119aaa8e088628c
SHA1: 2f796b74489eb69e64aaf1c19f4d097166095c30 SHA256: 09ef4c54de4240fbcb382701b1cdbf7abcb9fc519f3f53c310f41a42f7d91fae SSDeep: 96:+2kJ/PcKxrGWvA5F+sxbJKdEnbJsqM6NSTvgrOLJrI:+xPcKMWoH+21YCNSTvgKC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url id-bry0hIIfVldG0S8v.BDKR | 1.63 KB |
MD5:
1c7dbc316aa02bbfe7eb5bd1c0e69365
SHA1: ca89e23fe0ab0e8fae4801e92b04420406cda5bd SHA256: 71cba5552d49f58c2a1433ab0de92031b63b9a75262bee41baea179db21bcccc SSDeep: 24:XpuNuKjltQiJLwzjyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:XpuNuK5tQiFq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0cdYs09W.xlsx id-bry0hIIfVldG0S8v.BDKR | 43.47 KB |
MD5:
818bbb8a2c824dfea431d9b721af80d3
SHA1: 64f49e09263ff46badc0b41f337426578550538d SHA256: 425477ce03200f0b5f7c9a7e22221f5d8b90261e14c5a339cc46d04937d8ea02 SSDeep: 768:v9MhvZ31gj952ka+k1DZa1b+3gZoaHwE8MjJon2lLrB:o1wn2k6Ha1y/aHwEB229B |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.99 KB |
MD5:
60b6f4fc139c1050a1fb46aa454e991a
SHA1: 0d63673a755f236393964b196a20faa2cd6df1e7 SHA256: a4e5b6fe6905c92e541156ec805cd93d971e77a14efb246effbc11e90fca703e SSDeep: 48:g1cKf1yR/d8s7garpDRPonDHq1q4YJI+8rlf4I:kcKfeW+DQbqwLJrI |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d-NecsGi8.bmp id-bry0hIIfVldG0S8v.BDKR | 87.39 KB |
MD5:
9179aae19484a9f8af3ea59b55b8f6e6
SHA1: a950243b57f109d6cef49b6b5d8707583c8cb1f1 SHA256: d30e11ecca39e549b724ab579da55665c1e0d6a0e4fa7b4799ecb20dab02536c SSDeep: 1536:OMYqBu4QX4umfH+94hGSvdEOO/8HS2d1qy/WzY/dqCdw5Hr4aav:DYMu4Ru2+9+GSDO/hHmVqIw5HcBv |
|
|
| \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0} id-bry0hIIfVldG0S8v.BDKR | 8.09 KB |
MD5:
2c67c4781bcad69a3116cea4b7f2e3cd
SHA1: d1cf114f74b9c6e2809c52d52ce1a15ebd19ecf3 SHA256: e3ffa39e4717797df588278141dbdc9ff62da0f9638d2155bb1a737303e10bc1 SSDeep: 192:OyZtBI2QWxSn98KDRK0hcRZpDA+Cs2qPdUm4UYm2ABMKC:b7BpN898KDXC1DA+CtqqmsmMKC |
|
|
| \\?\C:\Program Files (x86)\Java\jewel.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
54978f8ed867529a59ab3dccb61ae79a
SHA1: 4ec991c51caba9c3c638ad1ccde81281669a1ecd SHA256: 0be17bd8aae57f930d4a3a02f7b03f43371d32015217d86bade56644ceb8f99b SSDeep: 1536:wwYKfTQ2r7ePNeO1U/hZsbnK/9qEaXisP54Xf42:DlbQ2r7ePNeOKL8KVUXisKXfz |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.78 KB |
MD5:
3242c3a4a83b6e46607e22d7eeb64d3c
SHA1: 8b3d55add57dfdbb6b3131078a3bc206a9e93c99 SHA256: e020aa6367b531b4c47a51b4540dde085ad4c6ec49a709a19d2ce3dc74ff526c SSDeep: 24:MRFuaOcgbKtr6qI4wS3I230EYfCJsfyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzL:UuavkqYC/q4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.99 KB |
MD5:
751f3886ca2bfae3462ee194985a4570
SHA1: 9b11f93476f675aadbb1f1f8b71825851e463ea7 SHA256: 5351bb75ce8128f22d349d59d92cc1c81cae8403968c5e8f4923e2e8cf756622 SSDeep: 24:jXrvmUvaxYoiR8p39+uftEDPwTPnyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBQ:Pna2otSuftEDsyq4YJI+8rlf4I |
|
|
| \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR | 1.90 MB |
MD5:
31cc57358649d34d7e6d9d150b2efbe8
SHA1: 8236fe81b5394e995404bea12dd90669a37b8870 SHA256: 37dc8c0c7dee19670a6aab4f64c4f8de979c22932b55219fc124dab1f22ca435 SSDeep: 49152:zmkyGUc0HJCVmVw8yDNEUsAZVbJ80BqEI2SI:KJJc+kV2w8i6UsAZVbJZT |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\6 6JppDDb.m4a id-bry0hIIfVldG0S8v.BDKR | 30.89 KB |
MD5:
c0d6e5c1e801d613a9114bf2ce2b9046
SHA1: 5ea230e9003731c8bce9f684b3034232cbbe2455 SHA256: 9b3b51b422b00ecc0874bd99715777efc650613cb8dbcea8d667a9904fac71b5 SSDeep: 768:mb2Ph90c9OmVx+S6J9MRACMDpZLmVldjYTCiEJjhf/UKY4:mb2T9V7+t72MDptSjj0CX1hft |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\82U1GLPSN4SRNIud.gif id-bry0hIIfVldG0S8v.BDKR | 72.78 KB |
MD5:
7e1e9700ba458e5b96391a73fd4f8c19
SHA1: 50a290e07d76dcbf5868b1a7c6d50ec4ee42175c SHA256: 3c140e0d175dd455a267230ae08e30503bfd3d4c141d50383829ab4bd55980df SSDeep: 1536:DF5MdEaOgUB0aEFjPryx/S1pnEsb7r+r/Kg29F35v482NkSXRa6z56y:DLaOgPaejPrO4DX2/KZ35g8uRae |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst id-bry0hIIfVldG0S8v.BDKR | 2.65 KB |
MD5:
47e8caeb948d514e775778cde681b9d1
SHA1: 083d7e78e4d59997ab0c13f04521bfc13397931b SHA256: 99458e0d1233f6601d8717697c7bb7ac567a5e923d00c76b3e5accc8da63e343 SSDeep: 48:puQjyd7Ie43eimQIA09fyiO9LiEnPRjXmq4YJI+8rlf4I:pvCEnYA09fy199pjXBLJrI |
|
|
| \\?\C:\Program Files (x86)\Common Files\regulationspublishers.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
29d826493bd78082e4cfdd8078227630
SHA1: 4b4bcb7d80517972aed37efae1a2c4584be79172 SHA256: 213ce9d4bb028d2d0b153f304ea0c9a998a6fd6e4291a67250212fca7215217c SSDeep: 1536:4Ty4bNFU0wivT6lT80pZnF9XKdNHhzerkjjZd45Xhnyg/i:SXb00wi76znzABckpIcKi |
|
|
| \\?\C:\Boot\BOOTSTAT.DAT id-bry0hIIfVldG0S8v.BDKR | 65.50 KB |
MD5:
72d52273c11706dcfe5c310a76fcd056
SHA1: a4733a9db918a60ce85f199669c70840b61ee721 SHA256: 5c66aeedcb39d381dc1211890c5d7df121827567e00400a4cf8483f05a6e77ba SSDeep: 1536:k6le6/v66n+oNEV7QiUXCsm40vjRUTUF8rnOIHQSGz:fe6H66fNhDsJrRoUarnO7z |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\HhuwU2FyuyIkneVE0.m4a id-bry0hIIfVldG0S8v.BDKR | 2.92 KB |
MD5:
5ccddbd330ffaad560920599be3d9c96
SHA1: 7fa17d191818d627129dfeb6e51f1982e89bff6f SHA256: a8e45ecbeabd3b34498069fac2aac21306a7a848f760a94a9bf94c2ee42c113a SSDeep: 48:qxnq3qnJ8jMsQqoTPFCkiBF70ZggBEUyX7Y3UWq4YJI+8rlf4I:cnq6nLsQqoD0NBFAq2PwqURLJrI |
|
|
| \\?\C:\Program Files\Microsoft Synchronization Services\hourunexpected.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
fb5d9f517f2d8eed55c434264f784edf
SHA1: 546fe9d5b88dad84dcbfe49199fe870d32985030 SHA256: 4dd34c2185ebe494409e694d5241b392ff455f8a48bee5e8105d78b79c64676a SSDeep: 1536:cE3j/AY8KB8VMKK5/tabXIS6uVoa2crI8276l:bT5Ki/8bXJBya2cuO |
|
|
| \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL id-bry0hIIfVldG0S8v.BDKR | 98.31 KB |
MD5:
374bb9a5e4930d25cea562b26d0e2925
SHA1: 74d27edd53488a08c755c8ab7a120bd7694238fd SHA256: ae76f565b8f7b0585a8f96cac8f00ef4c9cf9d418d697285f5daf7f6aa59e6d1 SSDeep: 1536:vo5aGdoXCByWBH3SDxYRCOjMemd2/IT2LamnRJDHfhQeGhOsvRs6nVj7NBMvIv:kaGdWyBHCGXdY0NTrH5bGnHV7U4 |
|
|
| \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC id-bry0hIIfVldG0S8v.BDKR | 2.28 KB |
MD5:
a2f8235d04c7216134f6dff07715bc88
SHA1: f99a0b9fbf52b9ee8bdab76e858768aa3df7d626 SHA256: 2c67b279cecdfa68d078d15ebfa3e975a4a80fcbf3f2ce4f54640b15f1fff1d7 SSDeep: 48:Olot2V4DXcn7CNLsqyq90fq4YJI+8rlf4I:Olong74LLJrI |
|
|
| \\?\C:\Users\Public\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.87 KB |
MD5:
07b4c0bae9acadc01992fa44e00c2550
SHA1: 48c9bb671eb097825d53968cd2d8d9adc4b9913f SHA256: e94df3f578ce8f61a5cba7297c428df1dd18e6fabf264c4f7db926d6efc0df91 SSDeep: 24:JwVfyN5N4Gsz6I0AoxISe3WxFxnyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBb8:WVyN//hBz2q4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BDLjWOroke8o.swf id-bry0hIIfVldG0S8v.BDKR | 73.47 KB |
MD5:
c1dae7dadc7941fdb9ad0702d50b85c5
SHA1: a332144b08f6279dee094c7f542a9442fbc12070 SHA256: 48fe092ce69c6890d6013fbe94545f16d01f242fee18ac7a7354540eace5f9c3 SSDeep: 1536:OsmysQzK8UHbL6/4cngAvWgdnUQUkRXxYvwpSaPARcy91qBdiy:9x4V/O4c1OgBUOhYvoqRcy91qBYy |
|
|
| \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll id-bry0hIIfVldG0S8v.BDKR | 18.41 KB |
MD5:
40ff810dfbdf4d6f86be16f3151936dc
SHA1: 361e87b764476192d96aa7675748c4378f2bd19e SHA256: 349ac0c059f40e9162d1d252de60d0fe7abe83daa90491b4841283a0b83d1f0e SSDeep: 384:topa0EyWloykrk8jGzDR6JTZJAZNxReW2lF7FW7I7XC:pQTjGXYRZJExkJSI7S |
|
|
| \\?\C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll id-bry0hIIfVldG0S8v.BDKR | 57.38 KB |
MD5:
d90376280e58363efc59d023021588a8
SHA1: 03d88bfe867ce483cc71a212a01e3f62732ee67b SHA256: be754f447f4c893021238b14026aa99afec8a2e585ae57a59efd9e67470de57b SSDeep: 768:BhKIFsTu4XsTDuL6es3lCBoS8f42/Xl9/0FZSxpP4YIkp20VBqr4mL8TgyBdU5ch:/fuZqDuL6eGYiSobfbOszfq6TKsrfsM |
|
|
| \\?\C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets id-bry0hIIfVldG0S8v.BDKR | 2.25 KB |
MD5:
0c032dba276e54921618dc7f190ff086
SHA1: 2517004957b7fb35e2112ce27ce71a2a47b7d72c SHA256: 04101da152fa635b5c3e79210756496df790729dd002ccc92bcf45ed3ce1b6d5 SSDeep: 48:L/+/ASXAwdwMTlt9864qtm46Zsq4YJI+8rlf4I:Lmvdwci6bXILJrI |
|
|
| \\?\C:\Users\Public\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.67 KB |
MD5:
51831d547790e63e40a17cf4ae2b8b3f
SHA1: 69d7c5c5a5581ed22839b148e393847757954e89 SHA256: 96a67df29f01f8f9c994e8cab66dd6ec2c22acd2c1019c13447a82f38a1d2d76 SSDeep: 24:mlALTigL0xjlnnnr1qRgNyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGn:sA/ngnnJFgq4YJI+8rlf4I |
|
|
| \\?\C:\Program Files\Internet Explorer\mysimon.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
fd7752f9b093f175a906321dfb779653
SHA1: e19059e4af395e737a76b04aed0c4055e5ebc1e7 SHA256: 644856c130b44bcce24f1de3347e2193522aa263de026702a49c40571701768c SSDeep: 1536:jdmuUi1xvjt1nI5KJA0Fkjcl2KJkxPDpDnBO/t/XsOdMEmU3ijF/:Wi19fnuKz/cKJkxPDR+EyMBCw |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\aYtHQeH.rtf id-bry0hIIfVldG0S8v.BDKR | 43.79 KB |
MD5:
78d054232a2401053d9305e2a03c0a9f
SHA1: 5343d9b4a7c9854a4c7be07cf37012c79aeb4f3f SHA256: 76e6e6235a8ee335abed2eadbc611e943ef90aba7a315f45dc2adcd349081048 SSDeep: 768:1RqJAPtzyvG3v2i1B4pQImVZNAul69AgLIIoSQCQzXJVMSN66/dsKxBL7Hu2:1aglyevrGUv7YugKhBzPMOdlx1bu2 |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\4t-7-GHSbfJZ.wav id-bry0hIIfVldG0S8v.BDKR | 48.25 KB |
MD5:
35c36abc9f443123af0f6d3f821aa0de
SHA1: b366a5692eed88d8cbeed9b56b27504ece44aed2 SHA256: 1aa4649a5c64e2a6fd5e3f42b1413b2a530628f13745fae1971f8e883e85b90d SSDeep: 1536:M46eBZ1sYdZs0jdx/82XdygUv+zfAlMTuzLlEFggV1XqO:IojZBxU2Xdyge+zfMMThygVhB |
|
|
| \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS id-bry0hIIfVldG0S8v.BDKR | 28.73 KB |
MD5:
6e6070144d17cd661fe87db7be52fcaf
SHA1: 2a249cbaab039a9e7ff7cbc4639a2b279c4cc196 SHA256: fec627f2a504d66463a0a4338594144857d32c153fe0f2d6ded42048f256cd93 SSDeep: 768:p7eruG+TfFVB2TW3bnmF2mVl/QuDTBhPqS:p737fFPsGmF2mdTBgS |
|
|
| \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll id-bry0hIIfVldG0S8v.BDKR | 114.53 KB |
MD5:
938f43829ad29314f472f03b3b6ef1de
SHA1: 82f1b23291838fd3b65b3b8efa6a39ac96db81c5 SHA256: 2baa7faeaf7d826e03bbed0d5b299e1e426d2abbc5432a349813cca062799448 SSDeep: 3072:bxTWp7hSG0mkfO/kwQXWKVHk6UZsj1xZktSjSbccSEl:b9KkJBX1VEUZktSjSbL9 |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6cHawfktiEZ.wav id-bry0hIIfVldG0S8v.BDKR | 97.77 KB |
MD5:
74196b6cbbac5a2a5bda885894ddbace
SHA1: c01623cef4f1bc28e5d2e8b75207266d1d5a827b SHA256: f6386f49000c1597541c59d4a14ffa3a7586b802b396a196bf6dc04e4130d15d SSDeep: 1536:3cquFoRLQi3zctBjclvJ97xVNxL4rDhLngt5+013M0VgB8bXxMQm5Z95WFg5DmzM:3YuBsBArxTiD4PgaC5ZnWFgH |
|
|
| \\?\C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll id-bry0hIIfVldG0S8v.BDKR | 1.20 MB |
MD5:
2f8841d4b0b1e312ea07fb07ebd15b25
SHA1: 1c40fbec2f0e8ada2e76d673bdc6f0b226c504a4 SHA256: b37a3091b1a60e6a9e3bd25c146b4a87e5bc27f8d8cdfed65c49abd0aae0fde8 SSDeep: 24576:4J0XmmKIIfJZhNpfy9LvbbORL7y3P0KFKglfvG5EW1i:0UmmKTfBNFGLP0f5K4g1Gpi |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h-HTnXxEnveIM20.m4a id-bry0hIIfVldG0S8v.BDKR | 27.88 KB |
MD5:
bb931ac949bd2a1c17ba687842237096
SHA1: fda049d3fa42b446b8254b2e955fd8454d02953a SHA256: 59af9a9c463910cc38cf0d12c6531b8cd4df42a3aefa1780dded304957ea875c SSDeep: 768:4z82oI9a/aONAUOAj2nnMtL3x/ZGAUwOMw:4BoI9HUOTngL3x/ZGAUwOp |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\lp0OA0hCWhhS.mp4 id-bry0hIIfVldG0S8v.BDKR | 49.00 KB |
MD5:
e0691f53f0ca539eac40c39d0b4e5af4
SHA1: 1fa7bbc6aa0de6185de4449b8af47f5054414e4c SHA256: 5b9ec36d9caff728bfe56c35c5d89a46f2915b63352325183ec2620461f2625a SSDeep: 1536:BUJBiqVGA2PMkkAfIOdaB/WvxYwJhFzE1:G3VpASAfVO/WZTHFzs |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\b2ut2.avi id-bry0hIIfVldG0S8v.BDKR | 47.08 KB |
MD5:
3aa85c381ed748c4f7c2a61e19d7405c
SHA1: a7ee6109686f24f809a1dbf48bbba99c762f3b7c SHA256: aa76962136c61d3abf754df910566375a15422c4bcd3ada46b7f79887a97de2f SSDeep: 768:7Y3+GzSD3Ul8TD1nXGKUYWqb6lQpj96hdoekF80+znmQt4O6AphMiDDdZ9tOzt1i:7Y3+GGD1TRnWc+lQT6hdoekFgTV4ODe+ |
|
|
| \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata id-bry0hIIfVldG0S8v.BDKR | 1.97 KB |
MD5:
1950e3843c283f6f4cda859584f89fe6
SHA1: 8ddb6d5c169cab371a89dd178a848f4fbb956b00 SHA256: f51521e564fa813acecbbf3474469d60f0198a5000c4f4b90275be24707dd3f6 SSDeep: 24:dZbM0f7RRYcpYsiNPE7Zhg+FWRyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKX:n5bYTahHTq4YJI+8rlf4I |
|
|
| \\?\C:\Program Files\Uninstall Information\vampire criterion.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
53dbf3a72879953dcb8e1ac8b778a678
SHA1: 7e78d67937741e0bb066f8543799ddc07b1cdbd9 SHA256: dd25532a887252cf5ff9fc3bf4854071ecf03dd70b6dba034c3f5136f6deac30 SSDeep: 1536:NTYacQzuVgOm+SBv0Kswiv+CtE+1q3PNyHzkP+kCmB3ElEX:GEzu3Av0KscRPNezkP+kCk3ElEX |
|
|
| \\?\C:\Program Files (x86)\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR | 1.58 KB |
MD5:
f02767f875429d652e73e7458623fdfd
SHA1: 1805ac19198835a5f394e86c6abfa84ab82ca2ea SHA256: 4af149f18c55bdada275dffa4103e61bcde7f710d817eb449c5931aa86a611c6 SSDeep: 24:3of3fR7UQcm6DtanJgfyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:3onJimyQnJgaq4YJI+8rlf4I |
|
|
| \\?\C:\Program Files\Windows Defender\finds_lingerie_candy.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
950967ba1657249a4e1340bb50d2cc11
SHA1: c18d5a6edf5c5650c4d14df5ac737f94307bce2d SHA256: 8e7be5c41647d375b950a6dd5ea278bf1ad5a9ff03dc038734082b2943153f8a SSDeep: 1536:g4MYwS6xX43IziPXB42NPNQhyGF7toQ2vu3ru/EwzTlP:aYwf4aiPBBNCyotolu3r1ip |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\WOUo-AhtDHZS.mp3 id-bry0hIIfVldG0S8v.BDKR | 53.69 KB |
MD5:
2fc1905b32b0f55b26e77275e2d77a35
SHA1: 7757cebb04d5dfc33cd51c4bcda2d103d13a0eaf SHA256: 656d526c586daf591d04fb8f12889514357cf9a9c293160d053df2ebcb4b1e6b SSDeep: 1536:uwJGns6fSjhtofbB+EujYRkW/nELyf3f8:lcnfSdtofbWCD/ELy38 |
|
|
| \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.SqlServerCe.dll id-bry0hIIfVldG0S8v.BDKR | 94.58 KB |
MD5:
9966aa242ef248814a80d47cce4a2a83
SHA1: 64a796d090325b3c23ecaaf55c8d10a3843ff683 SHA256: 6f7cc45bf97eed7d9f2a832d9eba7d42a697b1588b70c3197ce6a4b43ea37da7 SSDeep: 1536:I3QuXLcH+cysxvL9K8KMHWmo0Zpio1UyyupZjnWnZEUxpeFmENK+eX9pr9YD:kQ6cH+0fBLo0rFaFsZzW2U3eYEmXSD |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact id-bry0hIIfVldG0S8v.BDKR | 2.65 KB |
MD5:
284af0b3e25e20e635b7d11d9925d731
SHA1: 80ccc97cace96eb0c095bfcfea6533f3142d9601 SHA256: 640fe851682e657950df81f152dac71bf35aea6acf6462ad14dfd47c9346adcc SSDeep: 48:5DygQa0/g+eMClRPxfF0ZhDX93wHcq4YJI+8rlf4I:5K1g+elrShDXVqLJrI |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 2.17 KB |
MD5:
57aeec4f63b1206603d41b7f500466a8
SHA1: 1bf9c60e2b172e87e0ab87368f56969affb96122 SHA256: 7cc2433818e402220e5ca40385dc3918b99aecf486764a294fadabf73cc1507f SSDeep: 48:eG6wpTmrUDMDEIyTeUC/GeeASOl7s+D8OIWP3/uL2gcDDY+qnM:eG6wJmr2sATe5Gh9i7bDP3P3/Y+D7qnM |
|
|
| \\?\C:\Program Files\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR | 1.58 KB |
MD5:
9767e41441f36496be4a9c9e32de8768
SHA1: 19ded89b60d64f5394192c48e5eb8714b00c7ae3 SHA256: 2a67da9084f6aaf25fffcc85ae4716da74bb137d3be6dca504c6fbd0294f2440 SSDeep: 24:c4lyDkWFfVyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:1EkWFQq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\mXRNnT5\1805vjPgt2k9.mp4 id-bry0hIIfVldG0S8v.BDKR | 98.96 KB |
MD5:
0a74db67e93937090cfef7c9262c8405
SHA1: 0f230e966ce8d9d3e10ed13a3470c4568df6e526 SHA256: 79f01c6149d24182d3d71cd030d8d8c46e796330cea6f6d84dbd03005a038218 SSDeep: 1536:6E0/PdO0eBMtctLKtkdJxybfEZf+Drh7DJ33/kiPJ/58edNLe2jQABCs2wV9YRIR:23dO0tkLUk7M44PlJ39e2j9Cs239eadA |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\iJ-ZpQPb5YO5-LGM1KVt.m4a id-bry0hIIfVldG0S8v.BDKR | 13.55 KB |
MD5:
b45976e2e7f653b70ce59277775bbf10
SHA1: d513cff44cbea9ed0ebfc135d49d80fcef89e02b SHA256: 465d15cad676f7d4548500c7746387ab3f9e93750c56dcb6f9fb772bab0387e2 SSDeep: 192:iCdrrM/0qheg7qXn9+m31a9+ELT7HNuMlitIRlPFdKIWDtOZiwP3L+RIH9QC:iCe/0FYqj31a9dbK+T9bZZ3L++QC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h84ce25Cd2e.csv id-bry0hIIfVldG0S8v.BDKR | 37.86 KB |
MD5:
29a32b32aa51eb7722c9e9a014808bfa
SHA1: ed5f7726e0c22c1c05e3cc27154b5af6dfa0862a SHA256: 5d82010290166130130abad0d3abc73d820f1ddd448179b914feb875d13f5a45 SSDeep: 768:Ap8p1muzBCM307l8JXJszPmHK2IRIq4cEbMPsgFe3RjAGo+pYac:o48DJQXJs7UUEoEggOOp/c |
|
|
| \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll id-bry0hIIfVldG0S8v.BDKR | 21.11 KB |
MD5:
262f10a862bff1d90de910e5a374cdcd
SHA1: 80b0ec3e113419c70525f384b09d075235f09797 SHA256: 9e9be592896cc94b00212880c8c8c7eab59a2185f164fa3be8eb19347fc3fcfa SSDeep: 384:Fm6ZOTYSDqNlLv8x7ZbqdIEEHRCuAzUZiqC7pSaUBbEBC50E7EAojFhMYD0C:ETUvtv8DboExCII7Sa+TV/3G |
|
|
| \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Tools.Applications.Project.dll id-bry0hIIfVldG0S8v.BDKR | 151.41 KB |
MD5:
ec9d20286423d89eedd48b2ca2f46682
SHA1: 9342e597596befd9d62640c201ff07831f3a8fae SHA256: 8326bc4e9417cac5c926d8cb5c8675d6f5bb580efb26dc5fa2f73a0994035cdd SSDeep: 3072:qjw3PKFuvMZz+J5J7D6d5TnXNhNLd1R6Fp/fo9MXxWxe2JHGp:lfK8M8PJ7Ds5TNLdT6DmMYrGp |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\fWCi8GqHv.flv id-bry0hIIfVldG0S8v.BDKR | 38.83 KB |
MD5:
2f83c2d4d2cf75f0fa7fff4122a39471
SHA1: bc31fd006e7e0f48258cbd19c1f46b9ba4d5763d SHA256: 82be7c2ffbfbe63d402405c532189f0e414a47f5a547a2e5e852ace268aa8e59 SSDeep: 768:ndscQxI9t5nUz2+GhC8phL9EpXJdUnFRZ+07aPKNr+Sa2AE:nScQxOtuFchRElMV76KlxjAE |
|
|
| \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR | 2.13 KB |
MD5:
c491f18baefb4935fe278ffd5137ab2d
SHA1: 17da60d023707647570cb04a9347aabefd851198 SHA256: ee5f1318085bc34e1f3e3f24fc490fc502de8a183fbafc7f37102a0f5197eb1f SSDeep: 24:d9tVcQ3zt+KjMARhs9nwJwMrdmzsMhVk5/eyt7A9KMYVP3NY3z3m8MGQ2bkRyIaG:tVttMA8WJwiCZhVkRtq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip id-bry0hIIfVldG0S8v.BDKR | 43.00 KB |
MD5:
dc763c5a815b15430820430d6217a6b3
SHA1: dced9d9d8b2e0c5110eb2152c5a37d234a396414 SHA256: f8ede373c0b4abb1b0976c2618d6ba41a6cb739d59b873fe9264c5c76022941b SSDeep: 768:66St/MovCVve+czsM8qKaoXk8HRMHYSyCftKmKSHV5aOEj6HXrQ2OPPHs5V:6jA9eNzsM8qAHRE1KmR7aOH7xOXc |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7pTl.mkv id-bry0hIIfVldG0S8v.BDKR | 62.63 KB |
MD5:
1970a81d3699d2107da9eaae53d08424
SHA1: 5f3e7e4b0abee993a06f4e581b1ea7c319fe9ebf SHA256: 164be9739678963a4273d9ae85e1c182a10f9ca901ea55c9f7308bc487984e87 SSDeep: 1536:RE0noYxw7/I6BGnH9AAtfS7uamiPBelHlqPMu:3xwTGdA4fuuUPBeNle |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iAeOeT.jpg id-bry0hIIfVldG0S8v.BDKR | 97.04 KB |
MD5:
e0757da2120ebaf4c6d0c51c2c832559
SHA1: ad5fd5dd74e44c617c38631fe8fd808b5d4d8431 SHA256: c8dd44f55f5eb73063f508ecfd5e595e4346e0af4e7a7890302051f95041d603 SSDeep: 3072:/SNTrt944lTjTC77s4smt8T8EBa5euEBi/D:/S54QTjTC77s4sW8T8EwEu1D |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url id-bry0hIIfVldG0S8v.BDKR | 1.63 KB |
MD5:
d15d4b5e0893d76521152b484f13c5cd
SHA1: 1425da00f387071ccab91042334b62ed8326aff6 SHA256: 4145940e50a8ef1595a7339748ed4b01ec7e463c985fad625477b80e6d7795d2 SSDeep: 24:HhjhCfzJ66kodDNcWwhEQmyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5Wcw:/IJ66kodDNcWwhEQFq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url id-bry0hIIfVldG0S8v.BDKR | 1.63 KB |
MD5:
e22ce0d543adc971a43b3aa1c0c09179
SHA1: bf258a56153d825ee1464ffdcad344d726253a7b SHA256: 56ac69b9e747ff85ec3cdb00d64ee0ef97136cf4ac33aa5b35975d7b9e63017e SSDeep: 24:IiMHvF9Py4NFaRyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:IBvFRPFaUq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\8YBa.mkv id-bry0hIIfVldG0S8v.BDKR | 45.29 KB |
MD5:
2913f2e3c9705edc994484abb31db964
SHA1: 0281fff33923391e5ec320dbc93663b447afa129 SHA256: 338b8051686f51dfe6469edd393d73293cff8961d277131df15874bd91373dec SSDeep: 768:SOilrl6TcwP4JKTBnRKHTCE84iXQCIQMlYwXdIb7VbuD74nyB:SOsrScwPDri+PUC77wXUpuDQi |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR | 1.89 KB |
MD5:
92e363ee9ff8d3c20a63c726db116229
SHA1: 235beaa3b0fb40b674fd982562b520f4a2481d4a SHA256: 7dabe67f018ae48a8d21eab39432d173dcfb389bd9fb286e7816a8ee3f460e1d SSDeep: 24:pr3/8fP39gPvVcpbab0aHMUrwGlAIyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgi:prP8H39glcp80yrwBq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url id-bry0hIIfVldG0S8v.BDKR | 1.63 KB |
MD5:
734d93b90317e27590deca88f0c2b667
SHA1: ba40a88969ea79e9d4cb97259b5e377244284f26 SHA256: b041e4f9ae8e4be70ab42077903c438d474951db15462cd6e0d9b13991f94e9f SSDeep: 24:pem4si1Ru2H0qAmDPDHjEfyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5Wcw:pem4D1RuA07mDPDYaq4YJI+8rlf4I |
|
|
| \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT id-bry0hIIfVldG0S8v.BDKR | 1.67 KB |
MD5:
4ce68fe292679057fa43c91f242e0a13
SHA1: fdcdace9ccfce1737e425bc60b205aa5fe5ee34c SHA256: da1019cafacc914ddfd19301711e909fb155fe3ec0566b13f86f6e401c710c48 SSDeep: 24:08y9Bc3mYC4loxiNQF572GSD0eUA2yt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgi:08y9MIuQF5KEPAVq4YJI+8rlf4I |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi id-bry0hIIfVldG0S8v.BDKR | 2.40 MB |
MD5:
57f2562f705f46d61d2489aa0ec06a3b
SHA1: f1f8e9c802f031f01a3e0ec232aba9a346760157 SHA256: 405f8f6f48dacf4ab2b95acb4addb0fd8e3c7731032c4098b9da00e08d0e106d SSDeep: 49152:NRd20FpgIGemqzyubbR1dTex4S120ytJyhaLz6CCHmG:/d28iYbRy1oLO |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\wP80jSXk-sTG.mkv id-bry0hIIfVldG0S8v.BDKR | 6.33 KB |
MD5:
fbda6468d995b06f5621b8c280eadc19
SHA1: 4db42f86a900c0cda4cc38d78abc299cf8cb7dbd SHA256: 9098beb5fb97d51048bbb6a849f78e73699ebff802f20803601a6093d92597da SSDeep: 96:wbcdr997Gs6i+rUSkKzLDdx5dvZvxocAmuH8ccsmL9NFMoAPTEdLJrI:wabGsarU1SLj/nAmIY910EdC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\ReaderMessages id-bry0hIIfVldG0S8v.BDKR | 9.50 KB |
MD5:
8017995e48ac446c33a226fd66aa3952
SHA1: 2755346812b60ca1f83db312d1546ee34c9d90e3 SHA256: 197ea9f0f8e8baa98bd1d3c0cd0dad3f3a37ea026efb18bd052939968214c80e SSDeep: 192:bwF4h8wpKIdLdA5Ym07pkNfXqUhVJz0GNDIMtaRbVofpKC:rlpKepkhVJz0IDBweKC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms id-bry0hIIfVldG0S8v.BDKR | 1.74 KB |
MD5:
a6a8c8e24022ae13f9141bbf85a7de7c
SHA1: e87c6b1019982607aceb9e84132c88d315e5de55 SHA256: 176ee2903abb87cd156def082e76fa298e05b2a6204de3d1b485ac062d814f93 SSDeep: 24:1umfA9qxsPi5ni80hYlihv80ivSyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBb8:YmfA4xYLYUhv80iJq4YJI+8rlf4I |
|
|
| \\?\C:\Users\Public\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.87 KB |
MD5:
85c683e06497c14985ac7d1db4504f24
SHA1: b8ee97eb4ab743653699a43e16f3d6d3553d409d SHA256: 77d51f4e8d68b5046f2f2df2eca0de3a9f64cf7fb77774acdf3f855bf07d6d6e SSDeep: 24:2zdg3tYYzjkwaxYjIAXM6iSRnyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW8:ydYYItaxYjIAXt0q4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url id-bry0hIIfVldG0S8v.BDKR | 1.72 KB |
MD5:
7b09517bf630861f8da72e5c6d7fd40d
SHA1: 05f22e773b4a3fc29a02e008cf029268c5f7c241 SHA256: 1bb1fa3790f6a2604237ca73c785ab6811a852f66cd6e9ae7c7df8fc7ee782e7 SSDeep: 24:+c/Jyz1YhOiRyUhRk2jyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:+kyBiRy65Oq4YJI+8rlf4I |
|
|
| \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT id-bry0hIIfVldG0S8v.BDKR | 4.00 KB |
MD5:
33c5ee7119d4836b1e093a0c36af88ba
SHA1: ee3fe1a772f8f7a8ef4d740395348133bb0e7e6f SHA256: 2a1b9d0d78ab2ffdc806cd9ce2842379b52373dfbcb34e7f349eb15c9f16b909 SSDeep: 48:YM14PDDIe5KBWO8hZB2mGAlPpGn3wQ9/eSKISNrNhjWAc+oFOJMXvDq4YJI+8rlf:YMEDVLDhZBBs19/pknC/dFt/OLJrI |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Lhdb7FgPQ1J3_Q8MQ.jpg id-bry0hIIfVldG0S8v.BDKR | 54.87 KB |
MD5:
8314593c3f8d83d448bb0d8164ed0227
SHA1: 6b0793a9a93e2fdbdd2ded0cc779f556619c1642 SHA256: a3d2a7a3e75ecd5a7f15a5f1cbdecaf50ebfdb7eec48c136630fe672b6f8025f SSDeep: 1536:W1zDCiynXY3sW27VgG5j1u3wBUf9poxkk2AGK+cF:WJDCXocWTG5xo/oxKAGK+cF |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9NWJiKv80-C.jpg id-bry0hIIfVldG0S8v.BDKR | 42.67 KB |
MD5:
440ba055fb8d6dc7d27ce0ce894aa35a
SHA1: 7849d1b30a863d8546395b83b9d6d537f0d91b35 SHA256: e95b9f9a816110fededa3e054e44bfb0f803559b34ca79eefd03f7d50ac8e3ab SSDeep: 768:zZ91k4/bUat5h1vW6XaFcvF43XcJv8AmwOZCQTHxp/c/c+Dn0cZS7s3IM38Bpwir:Fr5ZL+6JvF43cv3UwnDn0cU7zjwinHL |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\CouoxFa1.flv id-bry0hIIfVldG0S8v.BDKR | 52.55 KB |
MD5:
4312be93e40fb02c91200fb97fe365ad
SHA1: f061930b46dc193a590574646087c6d21edf0e0e SHA256: 2dcc63c28404c605beb7cee9703b34b15341e24d93399992063e4b31fc5a108e SSDeep: 1536:TAEkJbtynzZFZTSmYKvQQWrNsSDyE3rCzg0:MEkJbtyzZF4mYKvQLBX13mzV |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\kTM8.mp3 id-bry0hIIfVldG0S8v.BDKR | 93.20 KB |
MD5:
1643602fadeb84108d54d6cbeaa11efe
SHA1: ca66317f50388e9bed42ede2a12d0821d0e764d1 SHA256: d7b85aa45bca48d87507d86bf504ddf89f1e36101f7957b842b07337bd072644 SSDeep: 1536:rDeTQYz1O+O8lZUZF5w6Z4w9eT55il5dvu8KE0LZ3qgZN2Rx8ST5GgIo8hgOWvbq:e/3O8lZUZQyHMOuZE0pluxSgIo6gPENX |
|
|
| \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR | 6.12 KB |
MD5:
099eb4d6f90eb8dcfaf0f5e9e69cc350
SHA1: 36b5bc709815060fb8e2b9ee218745ea2a8957c9 SHA256: f38b4956aed2ff9a8d6704e337b6b5d96062f62d7155189c33029f8ebc2d3938 SSDeep: 96:dNxyVDAbZ/5m7v+hC1zETX2SzCmNrVw4LUGUiaas7+CIGwhZsLJrI:nWDASb+0WV3TURrAGysC |
|
|
| \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab id-bry0hIIfVldG0S8v.BDKR | 3.91 MB |
MD5:
54f2948fa040ad05b6b004f9f5a2b575
SHA1: 51478d55d1e114e938d5ad40560181fb7eeaf0c9 SHA256: cb713e40d1d0600b76851aa023e28ac9cb5c6fca3f21e162ad0a2268d274e5d9 SSDeep: 98304:58ZLnjNjye38Cq3Q3o4go90+8DInrjxrXg5l3P1LH:GZLjNjyQ8Cq3Q36/+8DOx76/1LH |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url id-bry0hIIfVldG0S8v.BDKR | 1.63 KB |
MD5:
6075093bf457c8c2ac818970b6f959cb
SHA1: 3365505a0a0a309619e5db0bf7e479bce4fef3ed SHA256: 055dda57246ff4211c33028788e85e4c56b9aca8ea92a5bd4e534117a987b442 SSDeep: 24:9SaJaP+/y96ltS+Ivyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:9SaJD/a6eBqq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.78 KB |
MD5:
605ba1c86a5c4ce093d16b2384a76d76
SHA1: f72ba60650b6b1833197d6cd4948a9134f267287 SHA256: 0e10069251ff60bc85aef64a5cab516b524309b23a9ad1908f1c459cea58ade8 SSDeep: 24:VqqB+9ZNunAQyclYba3jAuUoAyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW8:4e+9zi7BSa3jAGXq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AagfwO5FfrKxIJ.gif id-bry0hIIfVldG0S8v.BDKR | 16.41 KB |
MD5:
e32e0b213619aa4ef35cda361bc6711b
SHA1: f31b683bded79c8cef9137c5e2954e65c721f439 SHA256: 9871d9cec2c4fdcd5a155100c78ed5328e4b801603dbefe08217a4ff2d2599fb SSDeep: 384:fbNBCaO1RKbcGVfzbcWxd26LrtYIcyxzB0CuxA/C:RBCVbGVfzn1qIvzQGq |
|
|
| \\?\C:\Program Files\Microsoft Synchronization Services\sword.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
98a2d1f2b865eba3b16561b4fbde124a
SHA1: ee3562ed363c2904e5301d74189659c31afe9c4a SHA256: 5a3789ce3ba2bb493dae79aa4be77bdab6d60b54e0e744ce2f42b11790f7abe4 SSDeep: 1536:fEaaa+K10e357/FSJ3oaotov3UyhoiXfftr4DBcSRL+8jSs/kCDC:85ajr5hQo7tofhoiXtrWBcSRL+8jFC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aTwMt9g.mp4 id-bry0hIIfVldG0S8v.BDKR | 32.93 KB |
MD5:
2e87d3a6a13da59eac0d7c77663182da
SHA1: 8b616aafa8fff2774b412c63091affacc0fc1583 SHA256: 1067a7c8328ba64c9a35f20110a8efad5bd8262bc89a5ef60465ca8fd8dba907 SSDeep: 768:Gm86U/7FbF98JxAxCA0pgZSvehQoLxgVRoj6XLRNuy:PU/FX8jAMBpg0vehm+j6XLd |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi id-bry0hIIfVldG0S8v.BDKR | 2.39 MB |
MD5:
177037e5b5edbbc61857d1a199559bd7
SHA1: 933d106284abdee55cf049875ca14036f9a493e2 SHA256: 8485cd217d485fecab34bb3eed0deaeffda4e11ac9142d7c421ad16982d4eb18 SSDeep: 49152:uJVyJ8YiSnIVsPY76bfgsrGX5dTex4S120ytJyha16CZtW:iAnpqsPTme1oA |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qUPt7PlaxE1RY9rpDm.m4a id-bry0hIIfVldG0S8v.BDKR | 54.23 KB |
MD5:
bb4ec5b94642e15cabc7d588643da490
SHA1: cf35780ae02dbc7dd1c992df8c0dbcafcd692a44 SHA256: 6c4c6f48a35a1ac332499f924250215b4973abe3099e6019d158b0f69ae260d5 SSDeep: 1536:HVWdSINDc+7KR7Rhec/8IigMW3hAcDhBU:mtKlLecE5WRR9O |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\33UdZO u-6J7rJrw.pptx id-bry0hIIfVldG0S8v.BDKR | 81.99 KB |
MD5:
276f45e66916bbe5bb9abc0a89755587
SHA1: 3524a86ce978b4898a64b461be977a6d54f6dcd6 SHA256: a38b092596190edff89e6765f93ac199e278fbe6c75f652367ce086f6cf665ba SSDeep: 1536:sAZ1tms/NbDZM0F37UNtSsEhCLfAnyOPcf3E2G1pnSysuwyeap6PZp8:scmcJDZMIQ3SxCgP8Deauwyeal |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dJjV63BFqSdhoi-qlwb4.swf id-bry0hIIfVldG0S8v.BDKR | 53.61 KB |
MD5:
8689e0348fec81725b75add1e3863301
SHA1: 86907c98d1575f071ea9178a57174120d398e816 SHA256: a2460627ea8e64be66bfe26b45d46988bd306b16db1e03906f6cc57e59aa69cd SSDeep: 1536:aTCk2FvETR+SXC66CN3E+SfH/7cKL4fkRoE6Tl934lyi3qL:aTCk2i1FPEdHekRVSlF |
|
|
| \\?\C:\Program Files (x86)\Windows Photo Viewer\motorola spank thomas.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
a5369a71f79fc1ebc19659e7847d3eb5
SHA1: 59a857c66e0d80b2cf12df566fec82d4231b2bf7 SHA256: 38039cfbc9c337fffecf30dd3db56c6b08dc38496dd7ea44a35fa9d8575ba99d SSDeep: 1536:XP4OfQFHKvvubM2glB1ZFNugwcXv1HmMzp5hib6SvTr+:XPHf4K3XlDZFNKAdZjiu |
|
|
| \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR | 1.90 MB |
MD5:
fc817d46c4afaae5b19f639df294a12a
SHA1: e38cc40647ebfc5ade54da223a1068a419082035 SHA256: b7eebb5e80eda1dd3397c3f808644b501564bff27679722ceb524208ffd863a8 SSDeep: 49152:38j4i+MxuhVLNdQqq4u+aPSHGl0BqEI2Ss:sjhurbQqqN+a6VP |
|
|
| \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR | 5.67 KB |
MD5:
ec29c5eb6891667052a7e8590d6fc87e
SHA1: c0f89869c5c478be92750ba172465b830391cead SHA256: e1315aa2ae2b1c3149cb2b622d768e7aae2b609f0c2b7ef20d6ee9de9b6f968a SSDeep: 96:kyab+OB3oYIwpPtMYkBbtH6kRS8wAAkFoeDjtAnH6+ilLN8kqWm5LJrI:kyabnBQwpKYkPH69ALFH3Wa+ilLWLC |
|
|
| \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\NamedURLs.HxK id-bry0hIIfVldG0S8v.BDKR | 1.64 KB |
MD5:
3549b829c8bf1f1a49c6ca3d17d4ecd6
SHA1: 4110cf5cc87b87a0dc235771bc8e195d15fb0d7f SHA256: 02cd8fc28de7aac223f0ce95960a36a765a8c54173718a2240d943dc4d28bbdd SSDeep: 24:Qjkb2Ty9iXyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:Uudq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\YYxxAR3wBsO-qZ5.wav id-bry0hIIfVldG0S8v.BDKR | 31.81 KB |
MD5:
0207ccd021fe4feaf9710064241ad9ba
SHA1: 9148ce7f2ca9869a75f3f5ce759b696c601fb6a2 SHA256: 895f45b8bace8e08c26cd1adc95c4d77eb8fe31c9ae2b866644352ae6d6363ca SSDeep: 768:Gfu1bqrlOqV/8ZFQfdwtfbLrjfvEmA3bgjlHrc:GfabW/8ZFQof3fcmVhY |
|
|
| \\?\C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL id-bry0hIIfVldG0S8v.BDKR | 31.88 KB |
MD5:
88a9110ab89a2935447d498732971cf3
SHA1: 1624cbb0c897b406725185c69306b9420be35e2a SHA256: 6bf8fb76b276d7be3d8dc802cbaf7c083e0e2ca5762b485c650b92ac08cd7082 SSDeep: 768:rKNwimoxRX0oBUzuQQSsyakSY64iTtt27C3bWPxzH8QDkI+jS+1Syd+c:rDimoDX3OzuQQSfakSYEs78AHDkHjSa9 |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\BBn5CvTVgKWX.wav id-bry0hIIfVldG0S8v.BDKR | 76.57 KB |
MD5:
336fd45e80deb05bb5ac47e0407be7e8
SHA1: 6c8df5cf9bbdf984b8d3125ee8f08419f651304a SHA256: 8d5d70d4aba8caee4a0cce231a03ee2186a790e583412c5e7f6a8a8d7cd8e355 SSDeep: 1536:hzYmvWmMZzvSb8R1q1zg9W6JUwuuC2zQMPOg6NiLjq0Lry/J:tP1zOW6JGIcMPOgBL5ro |
|
|
| \\?\C:\Program Files (x86)\Microsoft.NET\browser accredited mil.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
da7346a53c62b39276b50798d6f6b57c
SHA1: 565d2fdebcd6713175db31cc5e29e10b9ad8227a SHA256: 1517de1edeea9689667ea4568aa8efe510cd36c81bf5ff0481e74280765422e6 SSDeep: 1536:OrguZwDtDjdySaTqJnNFkGF4aJ4wnsX7e3DEoJkSryrF:OsuZc5pyUbHFXjC7A4o6rF |
|
|
| \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR | 4.02 KB |
MD5:
9016644bd719e2bfd0aafaec9b47a633
SHA1: 3d7fd3df0199bf973d3991f36fa4f4fb5b12a6a9 SHA256: 0d4a9239baf55f110f2711e20109b4a2d0449c7360a45756abe4b446673dfbac SSDeep: 96:w3BGuV5DDsHxCUL5F8bIkIcLx8GJf+xLJrI:w3k+DDUx5OhpLqGJ8C |
|
|
| \\?\C:\Program Files (x86)\Uninstall Information\traditions.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
ca7769cc76c9e89667c21d74ff536444
SHA1: aeaa4805c311da6c4bbfec4a9795e7969372420a SHA256: b9d154cf58ddff675fe1478cd475668beb482ff005d1a5033ee64fad7c160a64 SSDeep: 1536:HEpHZ9jBIQ9ltJo091jbvSI6mIu2MHNDMt8X/5vxoq:HEpHjNIIHB7zdmGQCBpl |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url id-bry0hIIfVldG0S8v.BDKR | 1.73 KB |
MD5:
68033e6e4e3340a479a1510efe96f070
SHA1: 0480f56721f72843b7aff59b69300779914c1fd4 SHA256: 22b34ec6a871dfabed9941bb961fc15aeebf8f78d2fe7d785f37b88484d2f8cd SSDeep: 24:z45m+mwYH7wyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:0myYH7Hq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\QQm9 JXI33bPKtzQI.m4a id-bry0hIIfVldG0S8v.BDKR | 57.45 KB |
MD5:
1e03262e8da850ed21c31d34fd58c0d0
SHA1: e8c8bf606f160323117299ba4b3e2c985e01e2a4 SHA256: f03ad9066bea4a8032144b49bb7b3ced0d148c0e8da88b6a3543f6b69f8f6cd2 SSDeep: 1536:sclaJxNvLWn5Cd8vFAlmTpP0oTDcxpFhCR/7p4oP:scsXFWn5CyGlmVlTkw7JP |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qMoHu7gI.flv id-bry0hIIfVldG0S8v.BDKR | 51.55 KB |
MD5:
d99354bfdf21e3f6f18048149a743abe
SHA1: ae8b56be8459f061b73f0315ccacb94ba528cff8 SHA256: c3a004dd0db9e90485383ceabeebeb5f8d439c004a19d16ecb903b19fa6d9b7c SSDeep: 1536:pr53xdV/jmVRbeBwlM8YnG930aK9wL7KAIT:pRxLmRbC2YG69hAY |
|
|
| \\?\C:\Program Files\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.67 KB |
MD5:
5627575c2d68077c10c443eb6ae0253a
SHA1: a8b418afd8bcf785a3770c442d36d16c74d68a1b SHA256: b5d55be4a896ec4c8bd8f4f3e29a78d8955f2f3db20b1732827ae348b7b39b0d SSDeep: 24:jI/3zO+ryk5EBefyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:jOO++22Pq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6SgVBsYZdT.swf id-bry0hIIfVldG0S8v.BDKR | 49.32 KB |
MD5:
87e95a3d053e8d16db969a160037ce06
SHA1: ee2f9d6cfb40633d28f697c1cbc76f308c5fba0a SHA256: b65f27ec55c39daf797b1bdb629d96c1fffb5947f19ddfdb906b92ce9d0ac420 SSDeep: 768:ua82rAk1vEj/CG9u9sp8SbsdHhQoFRQ0PWpqWXntL3/5mJvgUVo4l:ua8eAk1cjaGE9OoP5FRP+3tLhmJv/64l |
|
|
| \\?\C:\Users\Public\Desktop\Google Chrome.lnk id-bry0hIIfVldG0S8v.BDKR | 3.70 KB |
MD5:
48c3d5c3caea2f710fa5d1b0c2ec23c3
SHA1: e4bb55e952959bab29c52ce186f93257199f5a8e SHA256: bd57b65870fc7ec49251fa597e73baff2ed95bef6fea93ac28cdad482008cecb SSDeep: 48:PhBj2TH6RLPytsErUv7cwDrR/sQJLjR8KaBdDk/ZPTEiX2NzoHH5Gq4YJI+8rlfX:PhBK76RLqtsXxvRt8dBdDkxX2tynLJrI |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HQDxBZD6HlJy7LLor.m4a id-bry0hIIfVldG0S8v.BDKR | 14.13 KB |
MD5:
e25bd90de064c5b67885474c65af25f8
SHA1: cc1cbe8b3f6a8e9adaa63d45fd27eda3cf1c68ee SHA256: c3e195cf4e28ccf640880ff3c942a3ebab7f54bed893d9f080ce32cd7c22d938 SSDeep: 384:ds8nEIuUqsqjIf5+2sWVKG4QxypLGveIC:dnDnh8V3QxypLGvu |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR | 1.97 KB |
MD5:
da7a72a26bb9a39946779886ae973bbc
SHA1: ac02d2a303cbba64d69d26211283b12ee45c65bd SHA256: cf422c77f35be4cba6c41d2607c7e6c18c71d4ce999d2ef6d5d31cae9c2564a0 SSDeep: 24:MP8WWDVLWP+v88hFvDk1jkktfw7yt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBb8:aM38jkyY2q4YJI+8rlf4I |
|
|
| \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd id-bry0hIIfVldG0S8v.BDKR | 1.63 KB |
MD5:
589befb430425e842d8b18fdeb0424b4
SHA1: f0c4af4627cd8b199ef0ddd8276375adffbdc7a5 SHA256: c45f9a34aa77f288bc5a548b13ed7033b7df32b5c2cd729ca45afe796b16bab5 SSDeep: 24:qMKY3TjcCEqnyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:q+39Eq4YJI+8rlf4I |
|
|
| \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-bry0hIIfVldG0S8v.BDKR | 16.12 KB |
MD5:
074009f5a5fc2de61e8e8e2f8dc3443f
SHA1: 4fd80c091a9f6ac04458d9935b654d4dc4c39f7b SHA256: 0a9577dc38f41e7afe2c600110a5e3c75d8760a3373c6a79e0b082c6617e3895 SSDeep: 384:/w4Ztph9QsDb9l2WlWn8lSDOngkY/JP6uHVme2+y1MXD6C:/xLlWn8le34KVme2+TXDD |
|
|
| \\?\C:\Program Files\Microsoft SQL Server Compact Edition\cat.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
79de45cb1457cdd36c57ab2a80e65d85
SHA1: 99f925a4c6cd238a4cb7f194dbed72f1300b9dd0 SHA256: 8decab9fdbd7e9d8f3b19ffb65fb915c1aa5ebe53270ce54c224ee9639916539 SSDeep: 1536:mVCxL6tk2xhUakM1ByvzLsrkIlkj24h35VWA2nXEuPdBXekL:mVCxLX2xhUlaCnsrkIlwh35UAruPff |
|
|
| \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE id-bry0hIIfVldG0S8v.BDKR | 532.07 KB |
MD5:
bef6c84fd4210e38ad0d7a3012c677bc
SHA1: 924f4d51703bb3da943d3671ebb010799310962f SHA256: ddc709faa8110ab685075b1abbdbc5e81971223d9d52c5bfb6105900bf7a1789 SSDeep: 12288:wyrHf6TGKKnjXHvk3ZiCzVnPFqBL/rauwO+1aiBLaJS/vhJD:THRjXEiyVW/uuHGh |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\vlkjgqIMwZdhJeRkz.mp3 id-bry0hIIfVldG0S8v.BDKR | 79.76 KB |
MD5:
e875393964eabc6de9d2dd845c8fbe7e
SHA1: 7cadffdc69449653ba14adab43ce6301f426a7e2 SHA256: 4121cd3750504e122bea60da3c4a8b972523947db3ac5a2a6ac57ed8d727e5d6 SSDeep: 1536:iEDVejB2Y25Up2Lpbshqo0dAFZU0p0JV0NPT:iE50BwL+hQiFW9Vc |
|
|
| \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml id-bry0hIIfVldG0S8v.BDKR | 16.85 KB |
MD5:
a92e62c9436968fdb6596dcef9fb9cd8
SHA1: e16d87e59a1ab7559d5e01285ea24e438031782b SHA256: 3a4ef8ffaf881154efd0ad3173383bf4ca1655415fd925d2ea5ba04f6ebe4c6a SSDeep: 384:a73h7l5NDb0f1jnZNVIKsGunJhqEIXpeSXG+Wc6n7eQu0C:EFF4f1CKqXqESosVW97eZ |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bVC-tf9cuKZd9WIKBbf.gif id-bry0hIIfVldG0S8v.BDKR | 93.82 KB |
MD5:
7df03fd6beeaf5f99b0d99b6b2fd3175
SHA1: c0fc6030185238e4d6910d123f6fa2e5658c7844 SHA256: bfffdcb6a75471688661a49c3610d9c66b5f8b865214ea464e05ad4276b67126 SSDeep: 1536:8bgwhVR8WIJMW5pGgQ6mqK+YdvuWdal7u9e1k5a+WgrTyPnqH3Vx/Hym9s/enp6t:Gj6WRMwAK+RWdR9n1rKqHX3EqH8 |
|
|
| \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log id-bry0hIIfVldG0S8v.BDKR | 8.11 KB |
MD5:
3a28f312d8a33ffc5dd145b01de98a2c
SHA1: 3b63db53608a241a4b591c449afe3a6381fa75df SHA256: ae5ec292e88e75d469613756b488ead3ed98c7ae91654a208529a463abcba478 SSDeep: 192:LAdtZ1IZMft+Sm3xwpmKGsB8Zd0e+uKUn56C:LSb1Iql+SAMmKGsB8Zie+uKCAC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.99 KB |
MD5:
a6053afeed621b1bd177e1fcb9266a88
SHA1: 890ae5c79aba196b88ea26ab6465695a05be7085 SHA256: ca34bf83106e263fd21b866060b6dff323de8fba58a6aa8c0e5d755bca6ec132 SSDeep: 24:QNZfJ2ut+hb7n6rs6m89/SrnNa+3zvQuQM3yt7A9KMYVP3NY3z3m8MGQ2bkRyIaG:af0hbD6A6mm/0n9QuLCq4YJI+8rlf4I |
|
|
| \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll id-bry0hIIfVldG0S8v.BDKR | 207.41 KB |
MD5:
94078855f7c671cb315994c35a752622
SHA1: 521f98e7be196e760f1f8e5a23a926f8b58956b2 SHA256: b69d046ad4e70f188b531b5de650cbff397eb37b99df0413feff315599bf4739 SSDeep: 3072:eBOlGScfij6jRN0Y3f7ieCzR4B+LGE+gwGk6r4jPnAHTWnku/Kx88laI9TPF+iMx:cx6j6v0YWe4R4pEGWrCnA6tCV8qPA+Uf |
|
|
| \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR | 8.46 KB |
MD5:
1672d6009067a882f325133069780bc9
SHA1: 3873351bda7a074ff354dbd696e3eabc8d7f47de SHA256: 5dc82476437d825a76f5e6f3de34bcb30d4cee10681c9061048ca6c3ab8498c1 SSDeep: 192:J+t7sCVWDtfxbQdKvjhUmDWi9EOO++SisUOWY1HTJEYCg0utC:J+trkD1FQGUmDbVO++SisUOW0JEmPtC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6tU1DrgevnlBIXwjA.mp3 id-bry0hIIfVldG0S8v.BDKR | 99.29 KB |
MD5:
9a1b566a5049b8c5953e3de5d4527d95
SHA1: 37de813cfdbfebb8c2674095609092561fb6560a SHA256: 371771b39c6fed0331a5d99db8f21ecb9b3db595015bbefbeac61711c2f9ceb1 SSDeep: 1536:S2zKrxUqnGvp8jVqQ//PJGOnfsiO5lIqBj+KRoPR1yxU4wtk:hz+er9G3hsb7IqBZRoPPySrtk |
|
|
| \\?\C:\Users\Public\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.67 KB |
MD5:
9f138a17dcebb5c64c9d243c6956ab35
SHA1: aebd3974b476308520b893bd4c32e0eca0ee4db4 SHA256: 887992bfc76e15c752ff67632bc0a12fdc39bb59e0505c1f9fab804ffe86fd2d SSDeep: 24:hGKNfjyWzxuxaBKFVhRqpAyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5Wcw:hGKRjROLR4Xq4YJI+8rlf4I |
|
|
| \\?\C:\Program Files (x86)\Windows Sidebar\mold.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
4b4943adb26080c61fad0f507920ce90
SHA1: 94364f579e2a854b02ad3518f2c9fb1f2188c9a6 SHA256: c746479bb3fd3bbf6c9a8647a5b44c034a931b73b08ec40da07f6de62adc6bc4 SSDeep: 1536:RySala7kaYFNeDW9TFHYNmqa8RgIPTXjPGyhcRLfOxe4oZr6Mr:8LlrFFNhj0tBgabGkcRqxe4Q |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\90gCcG7fd.mp3 id-bry0hIIfVldG0S8v.BDKR | 33.42 KB |
MD5:
ba50b940571b551c2742502dcb997eb7
SHA1: 04c0d1976c0df36714be4e6929576087eeeeb311 SHA256: 9facccf723fba8b337df455161dd930399f4cd1615356e014a335b78853aae01 SSDeep: 768:qz/4yrbmmB/Kg6pOE+/yDSbQjuR2azN7fpimGrkO146lVprJn42kj:q7Hx/Z6pOHyOkjjg7fpimP36VpVBkj |
|
|
| \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR | 6.12 KB |
MD5:
8854cd5a5501ad02f96f0bfb5be42e55
SHA1: a4ca49dad9721c6080d147df3eff11a65c65c212 SHA256: 5dc6a962488b8a043fabbc0ae80da6ad8614bbbb68584b5599481ab27ef4db07 SSDeep: 192:lDPi6zVYYIUHAko8yt94o0BQ1v6/NVPHDdIbfazC:5Pi65YYIUgkut94/G1v6/XxICC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\c1M5lwW.bmp id-bry0hIIfVldG0S8v.BDKR | 50.48 KB |
MD5:
afb9a21804962fae44c88d52b0340050
SHA1: 5fa3820744bc7b1a49c81d35ae0415bbf1e3b760 SHA256: 9746e5c45865d4c276d1227b58182f776b9220b13a2f5a06eb8bb2d3fb2c7416 SSDeep: 1536:tryhdTG6LINy7FbPB3PGozu75/PHuM8/J2:tGdTGuzlGOc//uJB2 |
|
|
| \\?\C:\Users\Public\Desktop\Adobe Reader X.lnk id-bry0hIIfVldG0S8v.BDKR | 3.48 KB |
MD5:
5f5d225f21ee4d08e8790e2632bebba0
SHA1: 3b0200b51986ebe25147897daff88d637c7e59c7 SHA256: 0ab4b8d183221c74cadc3e859dfae6d8c8cd29c2c64dd016db7fb3a39c452eea SSDeep: 96:VlEZ7ej+9DPvyOzvS04Xr1Uhdh9bJs6LJrI:Vl8vd6OW04Xr1Uhr9F1C |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 2.07 KB |
MD5:
06e50b2d51abf67d88dd8a7015dca069
SHA1: a66ca9a87cdec1ca2c6e03ff327507ee9556dc3c SHA256: a74b86983e490edfaf1e7c670773661d8a30d5e1edf0f305dbe7503f8fe78a8c SSDeep: 24:NffkfC2kceB0VRb0j/iXuEQIr6eLMCyLfyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58B:NfsfCXcdLr0eov2q4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ghoVSrE2rI.png id-bry0hIIfVldG0S8v.BDKR | 11.16 KB |
MD5:
8c49d11a53d8e893ee7b37665d237d63
SHA1: 6404926582bec889813327f03edec28e35b45f11 SHA256: 200fcb52c2988d39a1fc49e965dd2cf42a44522d48f05d8b490cce92c2b2025e SSDeep: 192:1UxWNXM4IUD0XbRWCxfDvC/tyDoAoq4gvpwekimn8rRZ/jocFhLC:1xNXMZSGQCxfDalcHd4YW3imn83kQLC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\IEaKhwDUaCNJ5.mkv id-bry0hIIfVldG0S8v.BDKR | 84.79 KB |
MD5:
07ff7eea3ccd46e37d9c657621c74471
SHA1: befe0248b8ccd2054d04bb1dfff5d767f444c128 SHA256: 9aaf061a9eda0f958f0de446211d6f5d26ec3c9ff790b34d46e4d1348be83443 SSDeep: 1536:OOMiDrHXGxGeDHusMZkUcevz/y5tlhBJtL5pK54U7g5tIS6LREfBgW:P3HreDurZk4vz+tlfWg5y3Wft |
|
|
| \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Keywords.HxK id-bry0hIIfVldG0S8v.BDKR | 1.63 KB |
MD5:
daaf30229d921cf064bc1f90300f22fa
SHA1: 0d87b5772895f5d1203911f26d321e9de4669536 SHA256: 37560690709c794dcc7dab3aa40918ffed68372b7406060b862441a5f7068791 SSDeep: 24:cYlPix/zUfSe602TwoSrhRyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5Wcw:cYlqxrUL6lTUUq4YJI+8rlf4I |
|
|
| \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi id-bry0hIIfVldG0S8v.BDKR | 2.40 MB |
MD5:
39a5b96e63ef539ebc2d35afdbf2dcda
SHA1: e7757486bfcc1f0481c851b0cf5f59d21c1f4aea SHA256: c31a5d3f1aaf8363899a9752f9e4142b6822a0fa88b520c543612863552acc12 SSDeep: 49152:CoDdzl/+RrzFRi6VFhKvIIQ5HRYnSt20yeJji34mElfaC:N5zlGRrzFRimFhSIkqA47 |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.78 KB |
MD5:
45ae9046c76e913b6fcc30aa2e3292bc
SHA1: 61c9a1e10d673507c4ca5efc56660733638c047e SHA256: 2ddf477d85650547545d2cf89b2ab2dc6d76ae9e555191019e989c0157171872 SSDeep: 24:nVlke+/Lb7jmrCXEwQsj8Ryt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5Wcw:VCxbO4rQsj8Uq4YJI+8rlf4I |
|
|
| \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll id-bry0hIIfVldG0S8v.BDKR | 114.53 KB |
MD5:
d7407bfe931489d4351b9d03ea6e939c
SHA1: a487c862ee785d8bcaab622ccadc4058e084efe3 SHA256: b278029dedc866bc7d4c47b1db91cccb0749be3a96fdf48398176dbdb7b995da SSDeep: 3072:6iw8cKXmQiIuzKOg3N13thmQzG9Z4wKqZYl3AMu5mpL:aumQiIuzKOgDthmQzG9ZFYl3GmpL |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\3giUFeu.csv id-bry0hIIfVldG0S8v.BDKR | 6.58 KB |
MD5:
c9ebcf59b31e9501452d3048cbbde1f5
SHA1: 718d570d0838ec9c71c58235d4dce7d25569e6ab SHA256: 33bc454aa624dc7c6c6f0d8f6c107867be7210cd626a957f1ce4424094c411ae SSDeep: 96:dgJexVFeAIcsrriGgFIyfh2M/AmwnwaS/YYbbeHFnRY3TrTBPLJrI:dhxTsPiTZAmw1SYK4FnRaC |
|
|
| \\?\C:\How To Restore Files.txt | 0.48 KB |
MD5:
73933c04c859f040ccd57ff5a8fe8d7f
SHA1: 2120deed700ea4e4fc438f652112306c413087d4 SHA256: 58d34dd637391656e1580705b0ac7ed625e253bba4b4774369269f162cf904e3 SSDeep: 12:7MJMLM/4k4/ex+JlvwqP4uWKdC6d1JJM41:7MiLKEex+z48bzd1JN1 |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\8hzaVpqj7b2yZS4hQQX8.m4a id-bry0hIIfVldG0S8v.BDKR | 9.64 KB |
MD5:
54b97649c76109e04322e484beeac332
SHA1: 961c52cca1cb254f00a14dcad7372f3a35487416 SHA256: 490baaf2353847db605226db0de454313009f09266874c475fd9fedfd9d7b6e8 SSDeep: 192:YFX15aD1S0TxIjNBxqTpNblTt/CADhOYMJwcJplHt4C:w1QDguxIhBxybfTIYMpXJWC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BXRrb4wqQer.jpg id-bry0hIIfVldG0S8v.BDKR | 57.26 KB |
MD5:
ac0762f6e923f633ba9932319b776442
SHA1: 37d23d588c262e207ef5bca16430f51c2d915e8a SHA256: a3878b71623e5571c0bfda66d68e76558095699e775038ba037eddf600bd38af SSDeep: 1536:udYrKVb9SpVA411oeg6t35HA8UtZzFqpNaTNv95/iKNNELbXfE/VUCFGwUucn:u2ub9aVAcoW5g8o3yNmNvLnELDfEdUCy |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\KU8coeDggn.gif id-bry0hIIfVldG0S8v.BDKR | 58.58 KB |
MD5:
e762e3e81774e4f712eb49c82f261038
SHA1: f4ff7758e9465f1b0ba9ac6240b94e3fea0bbe93 SHA256: 4cbca134c95e0473590065e1bbb13ad8b1c9e75dc2be3e6340e2e9b3b9286444 SSDeep: 1536:0CeCuE0i6jaPeXe+DoO6Dj350K3mnKQOfL8Wk4:7AnDp6DjpsnnOfL8R4 |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\zkHjeCw.swf id-bry0hIIfVldG0S8v.BDKR | 76.49 KB |
MD5:
fb2a622ba7a1cb0b097262bfd36b278d
SHA1: f4a00b4074aaec2ede68ddbf48c23f2c557be47d SHA256: d13af1dd414a319b805fb2f45c3ede7f48c8809d6bf23b95b9abc726049f2708 SSDeep: 1536:SRdN9Me9ImnRgjskNsFi4WYu4HHLAnyEp2OamuR23yPgzz3u:TeImRgjsEs44WYu4ncnUOaR2QgzC |
|
|
| \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR | 1.90 MB |
MD5:
d1ef3210d6931db061dd5d13b0eec43d
SHA1: b92efd4037b0e30abc0dad6bbe58434c9e17760f SHA256: dbc442777eeac3bd9d6625dd2b7d1e21933cd8f8c8c2808aeee88c99df3421af SSDeep: 24576:HthKrn4fli3w3wvDO6F/Ash9can6XAjTy1vBoy5Ry0BqEI2S+o0k4Xqb91:NhKrnOluw3wvKQoOcPJoyO0BqEI2Sr |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\H4rg2nkN_C8pmo9n.jpg id-bry0hIIfVldG0S8v.BDKR | 6.01 KB |
MD5:
b92fafaa5f47a0915b065cd125135403
SHA1: 25c0706c2cf13ba1f2569d3a0dab0a6ed8cc0193 SHA256: c02a5c40f46748dcbefc07ab6e38b4509508df6b1df4fa6dd4ddfd93d5a7311e SSDeep: 96:tLrnNHbOJTIsep4flMG/LSktniu4IN6ZySnJwZA5/6UU396rvWErLJrI:tpQ+CD/LSktrD6ZyGw2N6UUN63C |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\82NPkSzIwNQa.mp4 id-bry0hIIfVldG0S8v.BDKR | 34.22 KB |
MD5:
c0c02f17c2c6764c2703525cc2f7bebc
SHA1: d1d001071a71b5d7e30e0c32111e030c59736172 SHA256: a5c642311e62363a181c7b0096cbe92f9ddd9314d5d22c53111246259ed57193 SSDeep: 768:MlcicZ1+AK/r0zPMaG9x0Z1p9gu2e4ObhyI0fJ:MlcBz+Z07MaG9aN92 |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\jLfOoXctrtajuOXkJWbB.gif id-bry0hIIfVldG0S8v.BDKR | 72.16 KB |
MD5:
621c9aed108813b50ba7b456e7880b52
SHA1: 1f9948e15fd885ce8c36e444094d4491c1c3b2ba SHA256: 1c2f137f7b6ec77aee009c7e56a70e57fa3167fe9e0b4799827c9009d1489c72 SSDeep: 1536:sUpLjid5X5nD9f7tALLJiw1xeRO6PloMZnIW3ivU7cni/h1qBk2IiBFYebm:rpLu7N7qiw1oROcloM5IFUn/Id8ebm |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\cQRffh50TJ.png id-bry0hIIfVldG0S8v.BDKR | 57.91 KB |
MD5:
25077af00b4a748e8d666e5c0bc1cd90
SHA1: cd54386d7af5569e6117df98c6413ee85125c348 SHA256: eeca06de81186cbac9aebe7fa3a3c86bbd3b89be5c7a906115d23c20718af184 SSDeep: 1536:dAXqQGF9H7sPMR6/p8tE3Zm9xKMZShHOATwpGj:dnQGXH7XUB8u3ZcIsAsY |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ET-7EbrfGtKuwqVif3Bz.m4a id-bry0hIIfVldG0S8v.BDKR | 59.77 KB |
MD5:
591f24c5eb2ef40f8858575ca801cde4
SHA1: 71822e4e6439fc9947ab7fb61bd48402b53939f2 SHA256: 7868fa7c35a5139f1f6a6aefe383215659efe9754d8c49c931558b527a523420 SSDeep: 1536:zHZWZ8P99oXZvK7sd2V8YTfBKwEcToxU2sRELnjN0:zoZQ9op9d22YTLTo+RG0 |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\uvT3U1eLcUuXN33LX1.flv id-bry0hIIfVldG0S8v.BDKR | 74.42 KB |
MD5:
f24a842b32067336f63d76f2da581ac3
SHA1: c7667c1e2cdf0cc0e0afcad808875f7bb9e17804 SHA256: 20d462a4085551d9712146648ab957241fe601569dd65eb4f502ffecad911829 SSDeep: 1536:jGqTTAhijmz7Hrz3u6KtETAiZsNOP7mmTaB1LDawMDiUDqxWByU:jDRa3LvAiao6mT21LyDiW04yU |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\9Q08f8qI8-EUS1ATwKx.mp3 id-bry0hIIfVldG0S8v.BDKR | 9.10 KB |
MD5:
df7bd0b33233fa7616395fbd5a564d0b
SHA1: b4cfee9d3df0cc49b17aa5d323468d03f6bff034 SHA256: ad42fd5292425c38065b4cd0e8bed4535e5eaff39128d8e0e235cd8da9c878b8 SSDeep: 192:/sypd7kSK2PVIvjl/4rECb0kUAZg/fbX197cdmzC:/sidojnCbzUAZgL197cdmzC |
|
|
| \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml id-bry0hIIfVldG0S8v.BDKR | 3.07 KB |
MD5:
b16aa0fd30d6f970c87160fd1e9cdeb8
SHA1: 480e1eedfa7ef69adc680c93304e1310a182a996 SHA256: 41e23418b5aad54459fb2b8594142ac6f8b933f39a6a0d432d67ccb2f87dca70 SSDeep: 48:pWejJ/TYRXVYsB/BWpj94Wr2fGVYDwJ2i9XlI5Vdq4YJI+8rlf4I:rjJ/ElKsB/BW6OVt2z5eLJrI |
|
|
| \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL id-bry0hIIfVldG0S8v.BDKR | 122.38 KB |
MD5:
12a12dca09e09f5152f73057a44d39ba
SHA1: 69a2c14a776028e53d14f9aad344029eb501fbee SHA256: 01e490f40e2287378abcbf23cf48273dcb06b98a484ea86bbe309add3ba73a1e SSDeep: 3072:qrSERCgiFYodTPPf9P95oCRUHiBZ/x4grx8WKUGW:qbCgi/dTPn9l5zL5t98NW |
|
|
| \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D id-bry0hIIfVldG0S8v.BDKR | 13.28 KB |
MD5:
145be59dbc75725b9f2a17ce0f75078c
SHA1: bb25e1e50c4345a7d17448dd059d2f9b47eb83c0 SHA256: 7395078e61ab27aceea6f2bace6d1d289b7956f1dbab81416be0b37aa0ee270e SSDeep: 192:jkek6eJtz/nYAQ4fuw6+b3LGfeAKb3N1trHasPbowFSkQOU+MoRH3phN/kY2oX+x:jktDTQcBfLgiHasD1ll5vvXDwOC |
|
|
| \\?\C:\Program Files (x86)\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.67 KB |
MD5:
c93b2ec4e64ea5a3730c00a3cf3b4029
SHA1: 4e9995ed5690f4429373b96a211635ff8c6a0b8d SHA256: 6eacaffd7e15d37f68b7683c09c8fb652f6a47a0c866f0eaab968731e138809a SSDeep: 24:nx3KsWuCpeR6mfy04vNWK1yt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5Wcw:nx9zP9Wj4q4YJI+8rlf4I |
|
|
| \\?\C:\Users\Public\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.87 KB |
MD5:
d8a01c5d594e9136c73c2859c151345a
SHA1: fcd3e4ea38721a6f395fc143f87759a5a9b8975a SHA256: 26107c20949c621579bc9a8015481ec2dd83eff06908777d572836e5cda187a1 SSDeep: 24:hMRwOd9CYkYoaEp/77xcxZDyol8Kd0yt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzL:CRB9CTZzBNOhq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.58 KB |
MD5:
7c3f36f598544844977cbd86afa56d1b
SHA1: 546969b210476c3ebf94421da1f2d2dfa9c1def4 SHA256: 22355f7d46f69e09b4eaac649d3cb1ad06fc603c94ad962ddf6a26ddec469c51 SSDeep: 24:xqpawTOPNgSrWyyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:xq0wC1sq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\0TuiOM62.m4a id-bry0hIIfVldG0S8v.BDKR | 74.87 KB |
MD5:
f3ecc6d2e8f4137308481d40bf2a91a9
SHA1: 19ae9b15e879900d212bf80504046e51bcd97bdd SHA256: 4c3758b7b5e273a3bc8e106593015efcc1d426886165366a20302c7f60ebdbc2 SSDeep: 1536:xTVf11cUz0+Q3xaat7sMcvNFP+qB8bhH7G1gzTpcohdKhapvat:JVz0/1sM2NFP+qq1H7ogzpvKh3 |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml id-bry0hIIfVldG0S8v.BDKR | 2.85 KB |
MD5:
6da763db0d8ad5596a8147589428d4a0
SHA1: d91d675d12acd916678eb32664cfb4bd0f06a729 SHA256: 18e0c5d4e438c00092ebe0131f6f79140d7828b20ea85d707a513e0988bf2077 SSDeep: 48:BHgWqXy/7K4dmuXpCNmkz8Z3Q148xEzdq4YJI+8rlf4I:Zf/m4FgEkIxQYzYLJrI |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 0.06 KB |
MD5:
58b6c6b70f2cae202ebfc78bc84ab310
SHA1: bf776c5fa58f0524826675e53f7137153e93381b SHA256: 97c07a7baa757dba6e1150c3be76bf16e7cec0f043af53a76728b1f7a2428940 SSDeep: 3:/l/+aktGl:VLk4l |
|
|
| \\?\C:\Users\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.67 KB |
MD5:
9c5d7bb352ad3bd1526b6e7ef342f3bb
SHA1: 9eae6d02922df9d87cca26f96bd18e7461e25cf7 SHA256: 7b6be372a3cee6edbdb5f00ee3bdf0f0d98fe56b6c137f873ec89a62ba398df5 SSDeep: 24:xZEKXl0QFf+7Eev2bzo9Ryt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGn:s2l0WOEBbzkUq4YJI+8rlf4I |
|
|
| \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi id-bry0hIIfVldG0S8v.BDKR | 2.39 MB |
MD5:
691614b3155b3145ceaa44b59480c0de
SHA1: 184ee3db1b48b18bd1439f1476759d6514e14dac SHA256: 46190c5171e6390a4695112608a1e7673066449f3b2199e33bf315ac28a4aa60 SSDeep: 49152:huZWUQ+pIs4P7SaQ8ndTex4S120ytJyhaK6C3oA:hpUCx7W1oI |
|
|
| \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR | 18.34 KB |
MD5:
777136169b449588e0d0cef26bfb8fb4
SHA1: 7119df2d3ad185d0512a3ec000067f594fb1d1a7 SHA256: f9c5bad3dea331949e20a5a028b23cbf8c41ce5da68324f522f90ee9eedabdb7 SSDeep: 384:8+9h/W4YFFkT8ju6jnHeJab38pJQhLmjBYoUhrh52J9avHXlyiF7cmIC:B/HZIa6zUab387QEVYoUhrf2q/lyiFhp |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi id-bry0hIIfVldG0S8v.BDKR | 855.00 KB |
MD5:
83a082dd0b105678128646cb7e7d98cc
SHA1: 6667e75ca35cd6587208be41cf314b3f08340d1b SHA256: 1989a7f0e5a04e9f3eff84b5e73eb3ad5bea3c75d98d51026eed4d9f1d8ed5b4 SSDeep: 24576:Xnsf/iX55QGz2gQZDBoRIUzwousRr3sLgV3NQU:XsfaXvQnNYwou8808U |
|
|
| \\?\C:\Program Files\Common Files\palmer still equations.exe id-bry0hIIfVldG0S8v.BDKR | 75.00 KB |
MD5:
3adc1d5fe5d3eded25bb25dc7d9929b3
SHA1: 9545676e72900501bc432247ccd165f1f64803a2 SHA256: b88f37a58925ddc471c052bf8d7831a2ed3073b970a5cc7552827331e74bb87c SSDeep: 1536:fePP2jayKHKDWWHu2PZKk9B7AxzaB3eMWUZti:fem7KqDWUuSvMxzaB3BW8U |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Cj O Dl60Ws_W.ots id-bry0hIIfVldG0S8v.BDKR | 94.68 KB |
MD5:
6955f1104df29bf1e341a412ba0e032e
SHA1: eccc748f07844dbf5c5f2b553d773e92d77417ce SHA256: 64a7a1f2445e0c3f5681b5c28e9ead8b54b7e8674c8220cd47c8d32b1b9acd9b SSDeep: 1536:J5tb1zBpGYVr2BWXdoaOuRVMNajIqMHWXdf5bkM1iSVuPP+KpXbEunVU8x:J5psBWhOWeiIqMcboM1iSVknTVVx |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0q-Q_imoU.swf id-bry0hIIfVldG0S8v.BDKR | 50.74 KB |
MD5:
65a78a94aa65731bf60c8d8f2661edf0
SHA1: a1462b944aac8f0ee4e507f4ad9f0286538f90a0 SHA256: 43543e0e4cf550e103f0d7641c9fd3c0bd10099311556a3356413c3d2840b45b SSDeep: 768:2D1d8KArNqH5dZTczBtbJDP+RBvvfiv5kG8zNV0uppFtGGHoOWo9iUSEEcNgdJkX:UfvcltJPO4v5kqupXoZ+BGJ8x |
|
|
| \\?\C:\Users\Public\Recorded TV\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.58 KB |
MD5:
df4196f7e98d11d84894cb4ecf52ba69
SHA1: d3bcfe57cff0ee8b9d7fe54d205ad4bc98b1c4d5 SHA256: 5cf71c4f2583253281983729210b85f0cec2938c5228b865dfafd5288dc75609 SSDeep: 24:kXQ8cb4WtipGOQtPKAyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:VZbtXOQSq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\bc3GSd9GTrIuC8yT.avi id-bry0hIIfVldG0S8v.BDKR | 40.73 KB |
MD5:
3fddc062aa607437b1887ac2b5d08133
SHA1: f5a38cf343834be49554693f05aca5cdec4a423a SHA256: 05d3cbc1377f08de48882356ceab963a625641acd857616d8328bbeb60d65b5c SSDeep: 768:3RKp0sj+yUIfzM2xgvLRI1Mh9U3FUqYfARg2vzvcMwSgyhM5uUmwWW:3RJsHUIxO+73FU4Rg2rEBSg15uHW |
|
|
| \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR | 1.95 KB |
MD5:
c4f1e7f839fcf898b1ce4df3af92fe00
SHA1: 66855311d32211e5ff15f0add1f2c25af86ba230 SHA256: 3ca23132fddd9589f3e4b431e28bbc701f2e3e86246ec6b64677a8456bc719e0 SSDeep: 24:D+xwx1nuP8f9HKz4/huK2SgHliI6GchBC8szK4yt7A9KMYVP3NY3z3m8MGQ2bkRL:Dqen5VvZkFiDhBC0q4YJI+8rlf4I |
|
|
| \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.63 KB |
MD5:
fbe94016941560ea4cfc8bd43d61f9e6
SHA1: 60a65e6535b2cbd123801ba7478add28bd573667 SHA256: 83ca2fe67add25d9313327f22289e4dd2ff2bd361cf18605ea39928111099a10 SSDeep: 24:A0zOjR14uHUpx98MAyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:A0zOjRy3pv8eq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\69q9P8O1O.docx id-bry0hIIfVldG0S8v.BDKR | 86.64 KB |
MD5:
84089f63bf35898b4bde659ad46c85a3
SHA1: ab653c3d0d35574846239ca6595c076320a6d4be SHA256: 8f76e9a749f5738edccc8b1686f1f614b9fb12d0c3824e4241f8b36e02f65386 SSDeep: 1536:lCAVq4oJbjQoWuUoQ+whCFL1YXfCJJk90cDW+/ZqiqZhWx8+SyzSFjn4Wad8CxaO:XRUbjjWznqF5ISS90GP0DnJaJxaMn |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F7hYN.ots id-bry0hIIfVldG0S8v.BDKR | 10.49 KB |
MD5:
f4b2f9af9106c1930704727f0703ab7a
SHA1: 856ffde8b1ac77d2c4ddf5df45b994ca0d588d72 SHA256: e5f418aebcb112c1900417abba07722a16825f670feeb5cfe5a2dd5e159bc16f SSDeep: 192:uC4nUt+/Ct12FR1H/J2TT+qFPkYmPHwiGYZUC:uxtqGR1fJu+0PkYmZGYmC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\be8uU4s7v.bmp id-bry0hIIfVldG0S8v.BDKR | 92.40 KB |
MD5:
4eb855c73776ce484257864e63aba27d
SHA1: 4dd75e5f16da23463d8691f40b6ab1d486e24157 SHA256: ec031f740ad634cf535db64ed6c096391381bb9f6972deadbd03b8599c4406e3 SSDeep: 1536:z3LMmxTeXV/LlsXG2se5tXlva0CZpACB0yuQ5DOzh13Iqd23HVxHV:zaXVJsPPVC0Cf5B0Ll1Yc8HVxHV |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\DuvSsdgB.png id-bry0hIIfVldG0S8v.BDKR | 53.61 KB |
MD5:
aac4dfe775cd41541a7277e2800832a6
SHA1: 37b5ddce43a126ffe0b770575aba5842f0f329f6 SHA256: 6e3339b0b385e9ffaae2f05e5655b131c584bc75c5c9f67c65815378d0890ff5 SSDeep: 768:RJ62hMV6OLJ2OHwe2uaXO685D26cvuDPLHC9nKtb5LaG1+1imXCP9:H3hzxsv2uuL2DPLi9nKtFuZq |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab id-bry0hIIfVldG0S8v.BDKR | 10.00 MB |
MD5:
82bd51c19cb1bc2d4153de29983b3201
SHA1: 16307b90c068549b34e08704fd1c97c0b8dec41e SHA256: b03cb9c6e331679105d5bd69375a7fc8edd74279e20d98825e7dc6024f5832cf SSDeep: 196608:cn8E+H9F7/iHXDI2CPKBUq6qMuGm9vqrRxoi93nnedBwzSlmKwDhANZbPhn:cn8rdFDX2J5uuGyCEi9uIQmlANRh |
|
|
| \\?\C:\Users\Public\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.67 KB |
MD5:
d9e46bb9a87c802720c8cbe6fc6ee7da
SHA1: 31de90057c0c3c89eb82bcf1cc548974f93d68f9 SHA256: cd88ebaddd5966666d5bbf50cca36464372efad0bf9707292389ed3b503329d1 SSDeep: 24:q/oCV8+XM0oQGGnnzZnMfyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGn:qQa97zZnMaq4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ja5mOI9ZMBy.m4a id-bry0hIIfVldG0S8v.BDKR | 50.15 KB |
MD5:
7a7c7e2a1362743429dd7056e6b282ca
SHA1: 19d815e7b9bdefb9e41d38b39b4eacc111326c0b SHA256: e760c179c2225483c2c48bee8f6fdafb9be632a84889f2953a5a0ec0b7b5cab1 SSDeep: 1536:kOmuwcfPmskQjt+ky2La7ixnJVTh4SxQ/:JxXPms1tNLa72JTxxE |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\G_LitrMcKt.wav id-bry0hIIfVldG0S8v.BDKR | 57.49 KB |
MD5:
6f7f19e001c9c2dd31d79c9a89e339da
SHA1: 567d416ce78b1d835abc7e0d20773c5b49483615 SHA256: 20cd41c84a57a03111060a648c7996d2eb7eea071ed972bd8fcc5fe4dc010030 SSDeep: 1536:he65tS33s1WjIBPbHh+caxFYiCrzOQxr7X2:heX81WjId+T4DzO0n2 |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\lMHvIe3HLUK9sBCYE5a.swf id-bry0hIIfVldG0S8v.BDKR | 53.00 KB |
MD5:
7d849758bad126610d4a6be01887e162
SHA1: 7e86c69fca0456d7d8827fc6f360e0bb6c5a314f SHA256: c5d17be709f5f39d2f0bdc138fbad813de7b6c203bed3eaae50f6def136fde2d SSDeep: 1536:ZUZj9eP0686FKWeKAmdqiAfWkKUWpAAFM:eZj8Pk6MWbAWqiAfWkmVm |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR | 1.96 KB |
MD5:
304698d43bc7a1ddfddf18a45db069ae
SHA1: 3cbcb493064f9687f78603af6aeeda42fd5f3e29 SHA256: 1daa575b50e8d5eaf6eada4ceb786f33b0b8cb715432fb6b74d84397740e394a SSDeep: 24:RROYQxhEdUUllnhZ+OihgNd6kgAOAbRyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlf:RROlxhEaWhhdPg64q4YJI+8rlf4I |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\KQeyWfmit_woScYM.mp3 id-bry0hIIfVldG0S8v.BDKR | 22.14 KB |
MD5:
19f044d9979864c6c54971e101345cdc
SHA1: 2d982cf23f79aec190da973f2b9d25b8e9fb8a06 SHA256: 6f2c2b24e299294cfe6bc9ead9a9e74b4d22e7813823ce8b2a99087a7d1a4596 SSDeep: 384:h+ZULcWPQcTwWtecxyK4Y4ppAFdQaxIkJF2DVMes1qhnZculgZcZDTlKw7XHJ2DA:hY4cvcTF7EY4ppOP7/8BBZcQgZi3J2DA |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms id-bry0hIIfVldG0S8v.BDKR | 1.74 KB |
MD5:
db13f193dcc0126531a2dea81f8afe68
SHA1: d57b90ba4d366281dca86151066d7a771a01f500 SHA256: 5bb3a6548b379d68dc2ba142cf72a0c09b4610f7ee372f4d760ed623a3a7be24 SSDeep: 24:FZ/QFXOQzxDXAStygNHBzyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGn:FZ/GHxT8gN8q4YJI+8rlf4I |
|
|
| \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR | 6.56 KB |
MD5:
0f2e57c88c5e1ad4ebfd8a79f6e0985d
SHA1: 17c75560aec0e67b90f35aae8769be1e1cd082e7 SHA256: ab166f087bebfe6be8c698f6c2c7b2a48ec308db020f42bd29e7464bcdb2e847 SSDeep: 96:I4dSe0wJ6foFrUcNoHowgEDsCt3VgCqjOe4jRmaaepD9uR3m9pZELJrI:I4dwq6igcCHTlZtqCqjOe49oWEhmXqC |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR | 1.89 KB |
MD5:
b5275694ce2be28d65ce0def6c0ce276
SHA1: ca525a9e73cbcf1d0a43db99a99d2abfc946b4e5 SHA256: 849bb61924459c490d7895c0b8539425463cb8cf8100901f15d49d8e480b5784 SSDeep: 48:OrIddOSrLV13rVcCn8iWJq4YJI+8rlf4I:OUdlTWa8inLJrI |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml id-bry0hIIfVldG0S8v.BDKR | 1.62 KB |
MD5:
a122ebba4d5d1da5270c502f27bc22f8
SHA1: 5928c2693008d0fb631e465150da803bc4f107d4 SHA256: 224b15d6fdcf125e40c2ee37bc5fb5ebb90b811b7b6cdb6d8e0b335838295d5b SSDeep: 24:C4I47trFpv55Yq1QZ5iZnyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGn:C4I475/55YcQZ8cq4YJI+8rlf4I |
|
|
| \\?\C:\ProgramData\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR | 16.12 KB |
MD5:
4bc309961dd2428090d87ccd3ffd2e1b
SHA1: ae878fa268282c2be0f724df950551d074b3eb36 SHA256: 9b53d585a6de733703b9fe9f90b6aecc397b2a71f93a937d3c6dfa3d1d205b83 SSDeep: 384:lM+xFkq6+8Bd4Bi9zysqMPPhORPAk9pt8pbseRe9+v5NOmLC:OoFkqJBqzrRwTztibsA5hNOz |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\GxY9j-YD0CfIAbkw0.png id-bry0hIIfVldG0S8v.BDKR | 60.57 KB |
MD5:
740488d40dacf379dc10dfab80fbc689
SHA1: f457f7a1c363bc2447b7ccfa8fb47d0130da010f SHA256: b9523f35de254092d1ed7cbd1f60f10faa5f44261996ebc126ea3254ad3b5c50 SSDeep: 1536:jRbYSqzXpPm7wasQCOQ/yHvd2k6jBXkoIUNEv5docig6ayqyM:jRbICwaZCONFecTBdodg6qyM |
|
|
| \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Berime.htm id-bry0hIIfVldG0S8v.BDKR | 18.18 KB |
MD5:
f4717e803245f8cf3e84269e172d35e9
SHA1: 7455a943a0b6fa8cfce852a58d98b134edb1ad97 SHA256: 7774c1c7e68be740ecdb40a480ca33d030a3f686a5cc88ec0a02f2ee630dab41 SSDeep: 384:/G04TEJHrRoSUH4Dusbnj9tI0aTS20EIiLgHadd6C:/JUC+SNL6gHeD |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 0.06 KB |
MD5:
e2a482a3896964675811dba0bfde2f0b
SHA1: b32c03194e03c658007c5b6bdedced39ddefc291 SHA256: c6e26c3e31bac75ea556356cbbd12190e29f277ea5f9010f8f88d5ab3363a2cf SSDeep: 3:: |
|
|
| \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log id-bry0hIIfVldG0S8v.BDKR | 1.66 KB |
MD5:
7f321db4517ab2c0931e149626235422
SHA1: da848e74a2e89f00810dd7f573a818da4d92743e SHA256: 389071fe710d338566acf64ab2095d5351b6ecd442ffe0ea3f45cdc0b2183a15 SSDeep: 24:hyvuI/AdFyCCqBHXRnyt7A9KMYVP3NY3z3m8MGQ2bkRyIa58rlzgBbKW5WcGII:MZWfCqB30q4YJI+8rlf4I |
|
|
| \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf id-bry0hIIfVldG0S8v.BDKR | 149.50 KB |
MD5:
09ae3f0f598872f00f4b09407cc9132a
SHA1: 98fa056002b6ceba880459e1152863fa5e6c78eb SHA256: e41b8aa6bef3a0d6ba1b22b1ef9321c319f927a360b8aa7a0b428070e670cc86 SSDeep: 3072:84CmlxEid2mtXGt0dttAgFvvTz6/mluPQmFi8uGYzB4l1fyu0tmnru1J:8reJt2edsgFnXsKuPQn8uGYzSPqu0MrI |
|
|
| \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll id-bry0hIIfVldG0S8v.BDKR | 16.75 KB |
MD5:
97be1a9fec336f02d06bc061ae389ad6
SHA1: 48217593c999fc6fc26e5d227d986ff6e6076b6f SHA256: 0088df61a66fbc79388a960462aa3f89a834b0bb388124e05870e8e5f243dc7b SSDeep: 384:pZt1Z5wF8PA2x4opqq6kgW8b2D9VV1+eRnWVuuoyXC:Lt1wep4op6kgrI3HWI7x |
|
|
| \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf id-bry0hIIfVldG0S8v.BDKR | 533.50 KB |
MD5:
52756a195b152b14449c60db092b8676
SHA1: fcd5b4c29b99db3764da47e760fc2d9831f8d60c SHA256: 35f384b411811d3fdf9a2393a237b1e0edc4edf182b3f78f7069937355e4fbc2 SSDeep: 12288:IhTIxpIbYp/BZoUWA7ABonajEnr47+SVW3CRdkSlU/XTtAc:RpIbHUWA7AB5d7KCLbyKc |
|
|
Threads
Thread 0xa50
27
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fcr.exe, size = 32768 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\, value_name = unlock, data = "c:\How To Restore Files.txt", size = 29, type = REG_SZ |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\, value_name = searchfiles, data = C:\windows\searchfiles.exe, size = 26, type = REG_SZ |
|
1 | |
| File | Copy | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fcr.exe, destination_filename = C:\windows\searchfiles.exe |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\, value_name = orsa |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\, value_name = orsa, size = 276, type = REG_BINARY |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\, value_name = rsa, size = 1280, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\, value_name = PromptOnSecureDesktop, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\, value_name = EnableLUA, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\, value_name = ConsentPromptBehaviorAdmin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Module | Load | module_name = shell32.dll, base_address = 0x76900000 |
|
1 | |
| Environment | Get Environment String | name = ComSpec, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\cmd.exe, show_window = SW_HIDE |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x750a0000 |
|
1 | |
| System | Sleep | duration = 30000 milliseconds (30.000 seconds) |
|
2 |
Thread 0xa58
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| User | Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
9 |
Thread 0xa9c
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\bootmgr, destination_filename = \\?\C:\bootmgr id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\bootmgr id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\bootmgr id-bry0hIIfVldG0S8v.BDKR, destination_filename = \\?\C:\bootmgr |
|
1 | |
| File | Get Info | filename = \\?\C:\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\BOOTSECT.BAK, destination_filename = \\?\C:\BOOTSECT.BAK id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\BOOTSECT.BAK id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\BOOTSECT.BAK id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\BOOTSECT.BAK id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\BOOTSECT.BAK id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\BOOTSECT.BAK id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\BOOTSECT.BAK id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\hiberfil.sys, destination_filename = \\?\C:\hiberfil.sys id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\pagefile.sys, destination_filename = \\?\C:\pagefile.sys id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xaa4
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\BCD, destination_filename = \\?\C:\Boot\BCD id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\BCD.LOG, destination_filename = \\?\C:\Boot\BCD.LOG id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\BOOTSTAT.DAT, destination_filename = \\?\C:\Boot\BOOTSTAT.DAT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BOOTSTAT.DAT id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Boot\BOOTSTAT.DAT id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Boot\BOOTSTAT.DAT id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Boot\BOOTSTAT.DAT id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Boot\BOOTSTAT.DAT id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Boot\BOOTSTAT.DAT id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\memtest.exe, destination_filename = \\?\C:\Boot\memtest.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xaa8
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, destination_filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xab4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\cs-CZ\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\cs-CZ\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\cs-CZ\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xab8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\da-DK\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\da-DK\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\da-DK\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xabc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\de-DE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\de-DE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\de-DE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xad0
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\desktop.ini, destination_filename = \\?\C:\Program Files\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xad4
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\desktop.ini, destination_filename = \\?\C:\Program Files (x86)\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xae4
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\desktop.ini, destination_filename = \\?\C:\Users\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xae8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\el-GR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\el-GR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\el-GR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xaec
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\zh-CN\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\en-US\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\en-US\memtest.exe.mui, destination_filename = \\?\C:\Boot\en-US\memtest.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xaf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\es-ES\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\es-ES\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\es-ES\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xaf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\fi-FI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fi-FI\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\fi-FI\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xaf8
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\Fonts\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\chs_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\chs_boot.ttf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\cht_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\cht_boot.ttf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\kor_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\kor_boot.ttf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xafc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\fr-FR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fr-FR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\fr-FR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\hu-HU\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\hu-HU\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\hu-HU\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\it-IT\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\it-IT\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\it-IT\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\ja-JP\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ja-JP\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\ja-JP\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\ko-KR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ko-KR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\ko-KR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\nb-NO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nb-NO\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\nb-NO\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\nl-NL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nl-NL\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\nl-NL\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\pl-PL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pl-PL\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\pl-PL\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\pt-BR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-BR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\pt-BR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\pt-PT\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-PT\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\pt-PT\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\ru-RU\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ru-RU\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\ru-RU\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\sv-SE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\sv-SE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\sv-SE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\tr-TR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\tr-TR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\tr-TR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\zh-CN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-CN\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\zh-CN\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\zh-HK\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-HK\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\zh-HK\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\zh-TW\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-TW\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\zh-TW\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb48
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\constitute_appropriate_sorry.exe, destination_filename = \\?\C:\Program Files (x86)\Common Files\constitute_appropriate_sorry.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\constitute_appropriate_sorry.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\constitute_appropriate_sorry.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\constitute_appropriate_sorry.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\constitute_appropriate_sorry.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\constitute_appropriate_sorry.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\constitute_appropriate_sorry.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\regulationspublishers.exe, destination_filename = \\?\C:\Program Files (x86)\Common Files\regulationspublishers.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\regulationspublishers.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\regulationspublishers.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\regulationspublishers.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\regulationspublishers.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\regulationspublishers.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\regulationspublishers.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xb50
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, destination_filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xb58
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG1, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG1 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb68
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Default\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\NTUSER.DAT, destination_filename = \\?\C:\Users\Default\NTUSER.DAT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\NTUSER.DAT id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Default\NTUSER.DAT id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\NTUSER.DAT id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xb74
26
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft Help\Hx.hxn, destination_filename = \\?\C:\ProgramData\Microsoft Help\Hx.hxn id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\Hx.hxn id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft Help\Hx.hxn id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft Help\Hx.hxn id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft Help\Hx.hxn id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft Help\Hx.hxn id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft Help\Hx.hxn id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn, destination_filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn, destination_filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn, destination_filename = \\?\C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb78
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Sun\Java\Java Update\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\desktop.ini, destination_filename = \\?\C:\Users\Public\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xb98
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\palmer still equations.exe, destination_filename = \\?\C:\Program Files\Common Files\palmer still equations.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\palmer still equations.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\palmer still equations.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\palmer still equations.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\palmer still equations.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\palmer still equations.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\palmer still equations.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xb9c
37
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\audiodepthconverter.ax, destination_filename = \\?\C:\Program Files\DVD Maker\audiodepthconverter.ax id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\bod_r.TTF, destination_filename = \\?\C:\Program Files\DVD Maker\bod_r.TTF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\directshowtap.ax, destination_filename = \\?\C:\Program Files\DVD Maker\directshowtap.ax id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\DVDMaker.exe, destination_filename = \\?\C:\Program Files\DVD Maker\DVDMaker.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Eurosti.TTF, destination_filename = \\?\C:\Program Files\DVD Maker\Eurosti.TTF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\fieldswitch.ax, destination_filename = \\?\C:\Program Files\DVD Maker\fieldswitch.ax id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\offset.ax, destination_filename = \\?\C:\Program Files\DVD Maker\offset.ax id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\OmdBase.dll, destination_filename = \\?\C:\Program Files\DVD Maker\OmdBase.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\OmdProject.dll, destination_filename = \\?\C:\Program Files\DVD Maker\OmdProject.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Pipeline.dll, destination_filename = \\?\C:\Program Files\DVD Maker\Pipeline.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\PipeTran.dll, destination_filename = \\?\C:\Program Files\DVD Maker\PipeTran.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\rtstreamsink.ax, destination_filename = \\?\C:\Program Files\DVD Maker\rtstreamsink.ax id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\rtstreamsource.ax, destination_filename = \\?\C:\Program Files\DVD Maker\rtstreamsource.ax id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\SecretST.TTF, destination_filename = \\?\C:\Program Files\DVD Maker\SecretST.TTF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\soniccolorconverter.ax, destination_filename = \\?\C:\Program Files\DVD Maker\soniccolorconverter.ax id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\sonicsptransform.ax, destination_filename = \\?\C:\Program Files\DVD Maker\sonicsptransform.ax id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\WMM2CLIP.dll, destination_filename = \\?\C:\Program Files\DVD Maker\WMM2CLIP.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xba0
46
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\hmmapi.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\hmmapi.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\ie8props.propdesc, destination_filename = \\?\C:\Program Files\Internet Explorer\ie8props.propdesc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\iecompat.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\iecompat.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\iedvtool.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\iedvtool.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\ieinstal.exe, destination_filename = \\?\C:\Program Files\Internet Explorer\ieinstal.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\ielowutil.exe, destination_filename = \\?\C:\Program Files\Internet Explorer\ielowutil.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\ieproxy.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\ieproxy.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\IEShims.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\IEShims.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\iexplore.exe, destination_filename = \\?\C:\Program Files\Internet Explorer\iexplore.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\jsdbgui.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\jsdbgui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\jsdebuggeride.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\jsdebuggeride.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\JSProfilerCore.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\JSProfilerCore.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\jsprofilerui.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\jsprofilerui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\msdbg2.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\msdbg2.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\mysimon.exe, destination_filename = \\?\C:\Program Files\Internet Explorer\mysimon.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Internet Explorer\mysimon.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\pdm.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\pdm.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\sqmapi.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\sqmapi.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xbac
85
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Benioku.htm, destination_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Benioku.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Benioku.htm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Benioku.htm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Benioku.htm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Benioku.htm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Benioku.htm id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Benioku.htm id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Berime.htm, destination_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Berime.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Berime.htm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Berime.htm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Berime.htm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Berime.htm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Berime.htm id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Berime.htm id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\IrakHau.htm, destination_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\IrakHau.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\IrakHau.htm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\IrakHau.htm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\IrakHau.htm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Adobe\Reader 10.0\IrakHau.htm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\IrakHau.htm id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\IrakHau.htm id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leame.htm, destination_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leame.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leame.htm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leame.htm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leame.htm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leame.htm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeesMij.htm, destination_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeesMij.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeesMij.htm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeesMij.htm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeesMij.htm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeesMij.htm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeesMij.htm id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeesMij.htm id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leggimi.htm, destination_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leggimi.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leggimi.htm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leggimi.htm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leggimi.htm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leggimi.htm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leggimi.htm id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Leggimi.htm id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeiaMe.htm, destination_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeiaMe.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeiaMe.htm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeiaMe.htm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeiaMe.htm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeiaMe.htm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeiaMe.htm id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\LeiaMe.htm id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Liesmich.htm, destination_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Liesmich.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Liesmich.htm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Liesmich.htm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Liesmich.htm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Liesmich.htm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbb8
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbbc
31
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Services\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbc0
31
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbc4
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbc8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, destination_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbcc
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbd0
31
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbd4
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbd8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows NT\Accessories\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbdc
31
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbe0
31
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbe4
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbe8
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbec
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbf0
42
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbf4
41
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi, destination_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, destination_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, destination_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll, destination_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbf8
31
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x818
80
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x490
251
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0q-Q_imoU.swf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0q-Q_imoU.swf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0q-Q_imoU.swf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0q-Q_imoU.swf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0q-Q_imoU.swf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0q-Q_imoU.swf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0q-Q_imoU.swf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0q-Q_imoU.swf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4JBCyaw.csv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4JBCyaw.csv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4JBCyaw.csv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4JBCyaw.csv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4JBCyaw.csv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4JBCyaw.csv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4JBCyaw.csv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4JBCyaw.csv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7pTl.mkv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7pTl.mkv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7pTl.mkv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7pTl.mkv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7pTl.mkv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7pTl.mkv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7pTl.mkv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7pTl.mkv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aTwMt9g.mp4, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aTwMt9g.mp4 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aTwMt9g.mp4 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aTwMt9g.mp4 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aTwMt9g.mp4 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aTwMt9g.mp4 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aTwMt9g.mp4 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aTwMt9g.mp4 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d-NecsGi8.bmp, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d-NecsGi8.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d-NecsGi8.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d-NecsGi8.bmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d-NecsGi8.bmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d-NecsGi8.bmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d-NecsGi8.bmp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d-NecsGi8.bmp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dJjV63BFqSdhoi-qlwb4.swf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dJjV63BFqSdhoi-qlwb4.swf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dJjV63BFqSdhoi-qlwb4.swf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dJjV63BFqSdhoi-qlwb4.swf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dJjV63BFqSdhoi-qlwb4.swf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dJjV63BFqSdhoi-qlwb4.swf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dJjV63BFqSdhoi-qlwb4.swf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dJjV63BFqSdhoi-qlwb4.swf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d_G3ceZPcut.jpg, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d_G3ceZPcut.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d_G3ceZPcut.jpg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d_G3ceZPcut.jpg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d_G3ceZPcut.jpg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d_G3ceZPcut.jpg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d_G3ceZPcut.jpg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d_G3ceZPcut.jpg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E1c0EvVSo6.bmp, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E1c0EvVSo6.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E1c0EvVSo6.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E1c0EvVSo6.bmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E1c0EvVSo6.bmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E1c0EvVSo6.bmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E1c0EvVSo6.bmp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E1c0EvVSo6.bmp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fBf0Oz9VQVAQ.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fBf0Oz9VQVAQ.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fBf0Oz9VQVAQ.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fBf0Oz9VQVAQ.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fBf0Oz9VQVAQ.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fBf0Oz9VQVAQ.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fBf0Oz9VQVAQ.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fBf0Oz9VQVAQ.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fcr.exe, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fcr.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fcr.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fcr.exe id-bry0hIIfVldG0S8v.BDKR, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fcr.exe |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g9OegMPzW9kZL_.mkv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g9OegMPzW9kZL_.mkv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g9OegMPzW9kZL_.mkv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g9OegMPzW9kZL_.mkv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g9OegMPzW9kZL_.mkv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g9OegMPzW9kZL_.mkv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g9OegMPzW9kZL_.mkv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g9OegMPzW9kZL_.mkv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JqFv3gGSzwIUH88WXe.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JqFv3gGSzwIUH88WXe.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JqFv3gGSzwIUH88WXe.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JqFv3gGSzwIUH88WXe.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JqFv3gGSzwIUH88WXe.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JqFv3gGSzwIUH88WXe.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JqFv3gGSzwIUH88WXe.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JqFv3gGSzwIUH88WXe.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KN__ldK9BzJbp.swf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KN__ldK9BzJbp.swf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KN__ldK9BzJbp.swf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KN__ldK9BzJbp.swf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KN__ldK9BzJbp.swf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KN__ldK9BzJbp.swf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KN__ldK9BzJbp.swf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KN__ldK9BzJbp.swf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lMz_LTptxP.pptx, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lMz_LTptxP.pptx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lMz_LTptxP.pptx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lMz_LTptxP.pptx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lMz_LTptxP.pptx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lMz_LTptxP.pptx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lMz_LTptxP.pptx id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lMz_LTptxP.pptx id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\m6vXf5ro7c02MA17KNj.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\m6vXf5ro7c02MA17KNj.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\m6vXf5ro7c02MA17KNj.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\m6vXf5ro7c02MA17KNj.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\m6vXf5ro7c02MA17KNj.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\m6vXf5ro7c02MA17KNj.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\m6vXf5ro7c02MA17KNj.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\m6vXf5ro7c02MA17KNj.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MisCVZb4-.avi, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MisCVZb4-.avi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MisCVZb4-.avi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MisCVZb4-.avi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MisCVZb4-.avi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MisCVZb4-.avi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MisCVZb4-.avi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MisCVZb4-.avi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mRSY.bmp, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mRSY.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mRSY.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mRSY.bmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mRSY.bmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mRSY.bmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mRSY.bmp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mRSY.bmp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mtAEz8sW0z74.mp4, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mtAEz8sW0z74.mp4 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mtAEz8sW0z74.mp4 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mtAEz8sW0z74.mp4 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mtAEz8sW0z74.mp4 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mtAEz8sW0z74.mp4 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mtAEz8sW0z74.mp4 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mtAEz8sW0z74.mp4 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NKOzGRkpkR3YahGa.avi, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NKOzGRkpkR3YahGa.avi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NKOzGRkpkR3YahGa.avi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NKOzGRkpkR3YahGa.avi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NKOzGRkpkR3YahGa.avi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NKOzGRkpkR3YahGa.avi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NKOzGRkpkR3YahGa.avi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NKOzGRkpkR3YahGa.avi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NL5p.flv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NL5p.flv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NL5p.flv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NL5p.flv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NL5p.flv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NL5p.flv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NL5p.flv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NL5p.flv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NlZFxMAHl.wav, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NlZFxMAHl.wav id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NlZFxMAHl.wav id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NlZFxMAHl.wav id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NlZFxMAHl.wav id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NlZFxMAHl.wav id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NlZFxMAHl.wav id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NlZFxMAHl.wav id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\n_6ArotS1kRdXv.bmp, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\n_6ArotS1kRdXv.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\n_6ArotS1kRdXv.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\n_6ArotS1kRdXv.bmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\n_6ArotS1kRdXv.bmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\n_6ArotS1kRdXv.bmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\n_6ArotS1kRdXv.bmp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\n_6ArotS1kRdXv.bmp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OHmdDrQJ.jpg, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OHmdDrQJ.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x4ac
64
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0cdYs09W.xlsx, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0cdYs09W.xlsx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0cdYs09W.xlsx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0cdYs09W.xlsx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0cdYs09W.xlsx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0cdYs09W.xlsx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0cdYs09W.xlsx id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0cdYs09W.xlsx id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\69q9P8O1O.docx, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\69q9P8O1O.docx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\69q9P8O1O.docx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\69q9P8O1O.docx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\69q9P8O1O.docx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\69q9P8O1O.docx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\69q9P8O1O.docx id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\69q9P8O1O.docx id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7dgl8s-3Gjx7.pptx, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7dgl8s-3Gjx7.pptx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7dgl8s-3Gjx7.pptx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7dgl8s-3Gjx7.pptx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7dgl8s-3Gjx7.pptx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7dgl8s-3Gjx7.pptx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7dgl8s-3Gjx7.pptx id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7dgl8s-3Gjx7.pptx id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\djWv5qVlO-f36Hg32j.pptx, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\djWv5qVlO-f36Hg32j.pptx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\djWv5qVlO-f36Hg32j.pptx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\djWv5qVlO-f36Hg32j.pptx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\djWv5qVlO-f36Hg32j.pptx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\djWv5qVlO-f36Hg32j.pptx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\djWv5qVlO-f36Hg32j.pptx id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\djWv5qVlO-f36Hg32j.pptx id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\DTm8CHXI3Gp.xlsx, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\DTm8CHXI3Gp.xlsx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\DTm8CHXI3Gp.xlsx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\DTm8CHXI3Gp.xlsx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\DTm8CHXI3Gp.xlsx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\DTm8CHXI3Gp.xlsx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x358
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x844
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x84c
47
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x840
124
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\BBn5CvTVgKWX.wav, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\BBn5CvTVgKWX.wav id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\BBn5CvTVgKWX.wav id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\BBn5CvTVgKWX.wav id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\BBn5CvTVgKWX.wav id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\BBn5CvTVgKWX.wav id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\BBn5CvTVgKWX.wav id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\BBn5CvTVgKWX.wav id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ET-7EbrfGtKuwqVif3Bz.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ET-7EbrfGtKuwqVif3Bz.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ET-7EbrfGtKuwqVif3Bz.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ET-7EbrfGtKuwqVif3Bz.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ET-7EbrfGtKuwqVif3Bz.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ET-7EbrfGtKuwqVif3Bz.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ET-7EbrfGtKuwqVif3Bz.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ET-7EbrfGtKuwqVif3Bz.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\GcQTiaw8mWqp.mp3, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\GcQTiaw8mWqp.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\GcQTiaw8mWqp.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\GcQTiaw8mWqp.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\GcQTiaw8mWqp.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\GcQTiaw8mWqp.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\GcQTiaw8mWqp.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\GcQTiaw8mWqp.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\HhuwU2FyuyIkneVE0.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\HhuwU2FyuyIkneVE0.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\HhuwU2FyuyIkneVE0.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\HhuwU2FyuyIkneVE0.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\HhuwU2FyuyIkneVE0.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\HhuwU2FyuyIkneVE0.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\HhuwU2FyuyIkneVE0.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\HhuwU2FyuyIkneVE0.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ja5mOI9ZMBy.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ja5mOI9ZMBy.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ja5mOI9ZMBy.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ja5mOI9ZMBy.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ja5mOI9ZMBy.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ja5mOI9ZMBy.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ja5mOI9ZMBy.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ja5mOI9ZMBy.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\KQeyWfmit_woScYM.mp3, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\KQeyWfmit_woScYM.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\KQeyWfmit_woScYM.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\KQeyWfmit_woScYM.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\KQeyWfmit_woScYM.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\KQeyWfmit_woScYM.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\KQeyWfmit_woScYM.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\KQeyWfmit_woScYM.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\kTM8.mp3, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\kTM8.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\kTM8.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\kTM8.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\kTM8.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\kTM8.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\kTM8.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\kTM8.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\vlkjgqIMwZdhJeRkz.mp3, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\vlkjgqIMwZdhJeRkz.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\vlkjgqIMwZdhJeRkz.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\vlkjgqIMwZdhJeRkz.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\vlkjgqIMwZdhJeRkz.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\vlkjgqIMwZdhJeRkz.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\vlkjgqIMwZdhJeRkz.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\vlkjgqIMwZdhJeRkz.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\WOUo-AhtDHZS.mp3, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\WOUo-AhtDHZS.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\WOUo-AhtDHZS.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\WOUo-AhtDHZS.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\WOUo-AhtDHZS.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\WOUo-AhtDHZS.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\WOUo-AhtDHZS.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\WOUo-AhtDHZS.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\YYxxAR3wBsO-qZ5.wav, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\YYxxAR3wBsO-qZ5.wav id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\YYxxAR3wBsO-qZ5.wav id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\YYxxAR3wBsO-qZ5.wav id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\YYxxAR3wBsO-qZ5.wav id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\YYxxAR3wBsO-qZ5.wav id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\YYxxAR3wBsO-qZ5.wav id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\YYxxAR3wBsO-qZ5.wav id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x640
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft Help\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft Help\Hx.hxn, destination_filename = \\?\C:\Users\All Users\Microsoft Help\Hx.hxn id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft Help\MS.EXCEL.14.1033.hxn, destination_filename = \\?\C:\Users\All Users\Microsoft Help\MS.EXCEL.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft Help\MS.EXCEL.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft Help\MS.EXCEL.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft Help\MS.EXCEL.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft Help\MS.EXCEL.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft Help\MS.EXCEL.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn, destination_filename = \\?\C:\Users\All Users\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft Help\MS.GRAPH.14.1033.hxn, destination_filename = \\?\C:\Users\All Users\Microsoft Help\MS.GRAPH.14.1033.hxn id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x6dc
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll, destination_filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll, destination_filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x868
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\MF\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL, destination_filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL, destination_filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x8a8
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico, destination_filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico, destination_filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico, destination_filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x88c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat, destination_filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x87c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 |
Thread 0x8e4
47
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Desktop\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Desktop\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Desktop\Adobe Reader X.lnk, destination_filename = \\?\C:\Users\Public\Desktop\Adobe Reader X.lnk id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Desktop\Adobe Reader X.lnk id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Desktop\Adobe Reader X.lnk id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Desktop\Adobe Reader X.lnk id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Desktop\Adobe Reader X.lnk id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Desktop\Adobe Reader X.lnk id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Desktop\Adobe Reader X.lnk id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\Public\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Desktop\desktop.ini, destination_filename = \\?\C:\Users\Public\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\Public\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Desktop\Google Chrome.lnk, destination_filename = \\?\C:\Users\Public\Desktop\Google Chrome.lnk id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Desktop\Google Chrome.lnk id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Desktop\Google Chrome.lnk id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Desktop\Google Chrome.lnk id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Desktop\Google Chrome.lnk id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Desktop\Google Chrome.lnk id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Desktop\Google Chrome.lnk id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\Public\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Desktop\Mozilla Firefox.lnk, destination_filename = \\?\C:\Users\Public\Desktop\Mozilla Firefox.lnk id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Desktop\Mozilla Firefox.lnk id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Desktop\Mozilla Firefox.lnk id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Desktop\Mozilla Firefox.lnk id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Desktop\Mozilla Firefox.lnk id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Desktop\Mozilla Firefox.lnk id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Desktop\Mozilla Firefox.lnk id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x8ac
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\DESIGNER\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\DESIGNER\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\DESIGNER\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, destination_filename = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x8a0
21
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui, destination_filename = \\?\C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui, destination_filename = \\?\C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui, destination_filename = \\?\C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\en-US\ielowutil.exe.mui, destination_filename = \\?\C:\Program Files\Internet Explorer\en-US\ielowutil.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui, destination_filename = \\?\C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui, destination_filename = \\?\C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\en-US\jsdebuggeride.dll.mui, destination_filename = \\?\C:\Program Files\Internet Explorer\en-US\jsdebuggeride.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\en-US\JSProfilerCore.dll.mui, destination_filename = \\?\C:\Program Files\Internet Explorer\en-US\JSProfilerCore.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui, destination_filename = \\?\C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x89c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\cat.exe, destination_filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\cat.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\cat.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\cat.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\cat.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft SQL Server Compact Edition\cat.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.txt, size = 1280 |
|
1 |
Thread 0x894
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Synchronization Services\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Synchronization Services\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Synchronization Services\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Synchronization Services\hourunexpected.exe, destination_filename = \\?\C:\Program Files\Microsoft Synchronization Services\hourunexpected.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Synchronization Services\hourunexpected.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Synchronization Services\hourunexpected.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Synchronization Services\hourunexpected.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Synchronization Services\hourunexpected.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Synchronization Services\hourunexpected.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Synchronization Services\hourunexpected.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Synchronization Services\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Synchronization Services\sword.exe, destination_filename = \\?\C:\Program Files\Microsoft Synchronization Services\sword.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Synchronization Services\sword.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Synchronization Services\sword.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Synchronization Services\sword.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Synchronization Services\sword.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Synchronization Services\sword.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Synchronization Services\sword.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x720
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Uninstall Information\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Uninstall Information\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Uninstall Information\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Uninstall Information\vampire criterion.exe, destination_filename = \\?\C:\Program Files\Uninstall Information\vampire criterion.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Uninstall Information\vampire criterion.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Uninstall Information\vampire criterion.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Uninstall Information\vampire criterion.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Uninstall Information\vampire criterion.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Uninstall Information\vampire criterion.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Uninstall Information\vampire criterion.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x740
49
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\finds_lingerie_candy.exe, destination_filename = \\?\C:\Program Files\Windows Defender\finds_lingerie_candy.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\finds_lingerie_candy.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Windows Defender\finds_lingerie_candy.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Windows Defender\finds_lingerie_candy.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Windows Defender\finds_lingerie_candy.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpAsDesc.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpAsDesc.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpClient.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpClient.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpCmdRun.exe, destination_filename = \\?\C:\Program Files\Windows Defender\MpCmdRun.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpCommu.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpCommu.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpEvMsg.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpEvMsg.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpOAV.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpOAV.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpRTP.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpRTP.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpSvc.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpSvc.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MSASCui.exe, destination_filename = \\?\C:\Program Files\Windows Defender\MSASCui.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MsMpCom.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MsMpCom.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MsMpLics.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MsMpLics.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MsMpRes.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MsMpRes.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\picking separated lib.exe, destination_filename = \\?\C:\Program Files\Windows Defender\picking separated lib.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\picking separated lib.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Windows Defender\picking separated lib.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Windows Defender\picking separated lib.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Windows Defender\picking separated lib.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Defender\picking separated lib.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Defender\picking separated lib.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x8f0
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\InkSeg.dll, destination_filename = \\?\C:\Program Files\Windows Journal\InkSeg.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\JNTFiltr.dll, destination_filename = \\?\C:\Program Files\Windows Journal\JNTFiltr.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\JNWDRV.dll, destination_filename = \\?\C:\Program Files\Windows Journal\JNWDRV.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\jnwdui.dll, destination_filename = \\?\C:\Program Files\Windows Journal\jnwdui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\jnwmon.dll, destination_filename = \\?\C:\Program Files\Windows Journal\jnwmon.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\jnwppr.dll, destination_filename = \\?\C:\Program Files\Windows Journal\jnwppr.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Journal.exe, destination_filename = \\?\C:\Program Files\Windows Journal\Journal.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\MSPVWCTL.DLL, destination_filename = \\?\C:\Program Files\Windows Journal\MSPVWCTL.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\NBDoc.DLL, destination_filename = \\?\C:\Program Files\Windows Journal\NBDoc.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\NBMapTIP.dll, destination_filename = \\?\C:\Program Files\Windows Journal\NBMapTIP.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\PDIALOG.exe, destination_filename = \\?\C:\Program Files\Windows Journal\PDIALOG.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x900
30
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\msoe.dll, destination_filename = \\?\C:\Program Files\Windows Mail\msoe.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\MSOERES.dll, destination_filename = \\?\C:\Program Files\Windows Mail\MSOERES.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\oeimport.dll, destination_filename = \\?\C:\Program Files\Windows Mail\oeimport.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\sims.exe, destination_filename = \\?\C:\Program Files\Windows Mail\sims.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Mail\sims.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Windows Mail\sims.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Windows Mail\sims.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Windows Mail\sims.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Mail\sims.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Mail\sims.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\wab.exe, destination_filename = \\?\C:\Program Files\Windows Mail\wab.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\wabfind.dll, destination_filename = \\?\C:\Program Files\Windows Mail\wabfind.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\wabimp.dll, destination_filename = \\?\C:\Program Files\Windows Mail\wabimp.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\wabmig.exe, destination_filename = \\?\C:\Program Files\Windows Mail\wabmig.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\WinMail.exe, destination_filename = \\?\C:\Program Files\Windows Mail\WinMail.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x91c
46
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\mpvis.DLL, destination_filename = \\?\C:\Program Files\Windows Media Player\mpvis.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\sentence-arrive-unnecessary.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\sentence-arrive-unnecessary.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Media Player\sentence-arrive-unnecessary.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Windows Media Player\sentence-arrive-unnecessary.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Windows Media Player\sentence-arrive-unnecessary.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Windows Media Player\sentence-arrive-unnecessary.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Media Player\sentence-arrive-unnecessary.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Media Player\sentence-arrive-unnecessary.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\setup_wm.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\setup_wm.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmlaunch.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmlaunch.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmpconfig.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmpconfig.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\WMPDMC.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\WMPDMC.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\WMPDMCCore.dll, destination_filename = \\?\C:\Program Files\Windows Media Player\WMPDMCCore.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmpenc.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmpenc.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmplayer.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmplayer.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\WMPMediaSharing.dll, destination_filename = \\?\C:\Program Files\Windows Media Player\WMPMediaSharing.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmpnetwk.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmpnetwk.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmpnscfg.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmpnscfg.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmpnssci.dll, destination_filename = \\?\C:\Program Files\Windows Media Player\wmpnssci.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\WMPNSSUI.dll, destination_filename = \\?\C:\Program Files\Windows Media Player\WMPNSSUI.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmprph.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmprph.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmpshare.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmpshare.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\WMPSideShowGadget.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\WMPSideShowGadget.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x8c8
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\ImagingDevices.exe, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\ImagingDevices.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\ImagingEngine.dll, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\ImagingEngine.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\PhotoAcq.dll, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\PhotoAcq.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\PhotoBase.dll, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\PhotoBase.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\PhotoViewer.dll, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\PhotoViewer.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x96c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Portable Devices\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Portable Devices\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Portable Devices\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Portable Devices\sqmapi.dll, destination_filename = \\?\C:\Program Files\Windows Portable Devices\sqmapi.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x578
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\sbdrop.dll, destination_filename = \\?\C:\Program Files\Windows Sidebar\sbdrop.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\settings.ini, destination_filename = \\?\C:\Program Files\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\sidebar.exe, destination_filename = \\?\C:\Program Files\Windows Sidebar\sidebar.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\wlsrvc.dll, destination_filename = \\?\C:\Program Files\Windows Sidebar\wlsrvc.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x600
37
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\ExtExport.exe, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\ExtExport.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\hmmapi.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\hmmapi.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\ie8props.propdesc, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\ie8props.propdesc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\iecompat.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\iecompat.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\iedvtool.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\iedvtool.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\ieinstal.exe, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\ieinstal.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\ielowutil.exe, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\ielowutil.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\ieproxy.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\ieproxy.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\IEShims.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\IEShims.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\iexplore.exe, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\iexplore.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\jsdbgui.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\jsdbgui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\msdbg2.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\msdbg2.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\pdm.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\pdm.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\sqmapi.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\sqmapi.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x7a8
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Java\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Java\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Java\jewel.exe, destination_filename = \\?\C:\Program Files (x86)\Java\jewel.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Java\jewel.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Java\jewel.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Java\jewel.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Java\jewel.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jewel.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jewel.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x5e0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Services\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Services\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Services\verisign.bmp, destination_filename = \\?\C:\Program Files (x86)\Common Files\Services\verisign.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Services\verisign.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Services\verisign.bmp id-bry0hIIfVldG0S8v.BDKR, destination_filename = \\?\C:\Program Files (x86)\Common Files\Services\verisign.bmp |
|
1 |
Thread 0x440
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft.NET\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft.NET\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft.NET\browser accredited mil.exe, destination_filename = \\?\C:\Program Files (x86)\Microsoft.NET\browser accredited mil.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft.NET\browser accredited mil.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft.NET\browser accredited mil.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft.NET\browser accredited mil.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft.NET\browser accredited mil.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\browser accredited mil.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\browser accredited mil.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x5f8
52
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll, destination_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\application.ini, destination_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\application.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\application.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Mozilla Firefox\application.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Mozilla Firefox\application.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Mozilla Firefox\application.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\application.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\application.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll, destination_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe, destination_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.ini, destination_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Mozilla Firefox\crashreporter.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x674
36
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, destination_filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe, destination_filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini, destination_filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x73c
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\MSBuild\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\MSBuild\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\MSBuild\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets, destination_filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\MSBuild\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\MSBuild\moore-encouraging-percent.exe, destination_filename = \\?\C:\Program Files (x86)\MSBuild\moore-encouraging-percent.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\MSBuild\moore-encouraging-percent.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\MSBuild\moore-encouraging-percent.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\MSBuild\moore-encouraging-percent.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\MSBuild\moore-encouraging-percent.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\MSBuild\moore-encouraging-percent.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\MSBuild\moore-encouraging-percent.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x454
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Uninstall Information\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Uninstall Information\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Uninstall Information\traditions.exe, destination_filename = \\?\C:\Program Files (x86)\Uninstall Information\traditions.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Uninstall Information\traditions.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Uninstall Information\traditions.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Uninstall Information\traditions.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Uninstall Information\traditions.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Uninstall Information\traditions.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Uninstall Information\traditions.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x480
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Defender\MpAsDesc.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Defender\MpAsDesc.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Defender\MpClient.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Defender\MpClient.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Defender\MpOAV.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Defender\MpOAV.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Defender\MsMpLics.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Defender\MsMpLics.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x118
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\msoe.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\msoe.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\MSOERES.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\MSOERES.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\oeimport.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\oeimport.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\wab.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\wab.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\wabfind.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\wabfind.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\wabimp.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\wabimp.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\wabmig.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\wabmig.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\WinMail.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\WinMail.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x804
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\IconCache.db, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\IconCache.db id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\IconCache.db id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\IconCache.db id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\IconCache.db id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\IconCache.db id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\IconCache.db id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\IconCache.db id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x82c
363
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\69-LUmry m-.bmp, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\69-LUmry m-.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\69-LUmry m-.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\69-LUmry m-.bmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\69-LUmry m-.bmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\69-LUmry m-.bmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\69-LUmry m-.bmp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\69-LUmry m-.bmp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6cHawfktiEZ.wav, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6cHawfktiEZ.wav id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6cHawfktiEZ.wav id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6cHawfktiEZ.wav id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6cHawfktiEZ.wav id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6cHawfktiEZ.wav id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6cHawfktiEZ.wav id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6cHawfktiEZ.wav id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6tU1DrgevnlBIXwjA.mp3, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6tU1DrgevnlBIXwjA.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6tU1DrgevnlBIXwjA.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6tU1DrgevnlBIXwjA.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6tU1DrgevnlBIXwjA.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6tU1DrgevnlBIXwjA.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6tU1DrgevnlBIXwjA.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\6tU1DrgevnlBIXwjA.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\8hzaVpqj7b2yZS4hQQX8.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\8hzaVpqj7b2yZS4hQQX8.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\8hzaVpqj7b2yZS4hQQX8.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\8hzaVpqj7b2yZS4hQQX8.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\8hzaVpqj7b2yZS4hQQX8.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\8hzaVpqj7b2yZS4hQQX8.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\8hzaVpqj7b2yZS4hQQX8.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\8hzaVpqj7b2yZS4hQQX8.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\b2ut2.avi, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\b2ut2.avi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\b2ut2.avi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\b2ut2.avi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\b2ut2.avi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\b2ut2.avi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\b2ut2.avi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\b2ut2.avi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Cj O Dl60Ws_W.ots, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Cj O Dl60Ws_W.ots id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Cj O Dl60Ws_W.ots id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Cj O Dl60Ws_W.ots id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Cj O Dl60Ws_W.ots id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Cj O Dl60Ws_W.ots id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Cj O Dl60Ws_W.ots id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Cj O Dl60Ws_W.ots id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\D3kKjfyCTl.avi, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\D3kKjfyCTl.avi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\D3kKjfyCTl.avi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\D3kKjfyCTl.avi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\D3kKjfyCTl.avi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\D3kKjfyCTl.avi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\D3kKjfyCTl.avi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\D3kKjfyCTl.avi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F7hYN.ots, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F7hYN.ots id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F7hYN.ots id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F7hYN.ots id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F7hYN.ots id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F7hYN.ots id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F7hYN.ots id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F7hYN.ots id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\f8Ro3n.pptx, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\f8Ro3n.pptx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\f8Ro3n.pptx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\f8Ro3n.pptx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\f8Ro3n.pptx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\f8Ro3n.pptx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\f8Ro3n.pptx id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\f8Ro3n.pptx id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\GxY9j-YD0CfIAbkw0.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\GxY9j-YD0CfIAbkw0.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\GxY9j-YD0CfIAbkw0.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\GxY9j-YD0CfIAbkw0.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\GxY9j-YD0CfIAbkw0.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\GxY9j-YD0CfIAbkw0.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\GxY9j-YD0CfIAbkw0.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\GxY9j-YD0CfIAbkw0.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\G_LitrMcKt.wav, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\G_LitrMcKt.wav id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\G_LitrMcKt.wav id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\G_LitrMcKt.wav id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\G_LitrMcKt.wav id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\G_LitrMcKt.wav id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\G_LitrMcKt.wav id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\G_LitrMcKt.wav id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h-HTnXxEnveIM20.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h-HTnXxEnveIM20.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h-HTnXxEnveIM20.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h-HTnXxEnveIM20.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h-HTnXxEnveIM20.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h-HTnXxEnveIM20.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h-HTnXxEnveIM20.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h-HTnXxEnveIM20.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\H4rg2nkN_C8pmo9n.jpg, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\H4rg2nkN_C8pmo9n.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\H4rg2nkN_C8pmo9n.jpg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\H4rg2nkN_C8pmo9n.jpg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\H4rg2nkN_C8pmo9n.jpg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\H4rg2nkN_C8pmo9n.jpg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\H4rg2nkN_C8pmo9n.jpg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\H4rg2nkN_C8pmo9n.jpg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h84ce25Cd2e.csv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h84ce25Cd2e.csv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h84ce25Cd2e.csv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h84ce25Cd2e.csv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h84ce25Cd2e.csv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h84ce25Cd2e.csv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h84ce25Cd2e.csv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\h84ce25Cd2e.csv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HQDxBZD6HlJy7LLor.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HQDxBZD6HlJy7LLor.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HQDxBZD6HlJy7LLor.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HQDxBZD6HlJy7LLor.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HQDxBZD6HlJy7LLor.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HQDxBZD6HlJy7LLor.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HQDxBZD6HlJy7LLor.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HQDxBZD6HlJy7LLor.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\jLfOoXctrtajuOXkJWbB.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\jLfOoXctrtajuOXkJWbB.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\jLfOoXctrtajuOXkJWbB.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\jLfOoXctrtajuOXkJWbB.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\jLfOoXctrtajuOXkJWbB.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\jLfOoXctrtajuOXkJWbB.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\jLfOoXctrtajuOXkJWbB.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\jLfOoXctrtajuOXkJWbB.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\LtrqqbP.mkv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\LtrqqbP.mkv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\LtrqqbP.mkv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\LtrqqbP.mkv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\LtrqqbP.mkv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\LtrqqbP.mkv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\LtrqqbP.mkv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\LtrqqbP.mkv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qMoHu7gI.flv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qMoHu7gI.flv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qMoHu7gI.flv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qMoHu7gI.flv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qMoHu7gI.flv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qMoHu7gI.flv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qMoHu7gI.flv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qMoHu7gI.flv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\QQm9 JXI33bPKtzQI.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\QQm9 JXI33bPKtzQI.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\QQm9 JXI33bPKtzQI.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\QQm9 JXI33bPKtzQI.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\QQm9 JXI33bPKtzQI.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\QQm9 JXI33bPKtzQI.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\QQm9 JXI33bPKtzQI.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\QQm9 JXI33bPKtzQI.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qUPt7PlaxE1RY9rpDm.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qUPt7PlaxE1RY9rpDm.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qUPt7PlaxE1RY9rpDm.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qUPt7PlaxE1RY9rpDm.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qUPt7PlaxE1RY9rpDm.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qUPt7PlaxE1RY9rpDm.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qUPt7PlaxE1RY9rpDm.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\qUPt7PlaxE1RY9rpDm.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Rh3gf-zsV.wav, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Rh3gf-zsV.wav id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Rh3gf-zsV.wav id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Rh3gf-zsV.wav id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Rh3gf-zsV.wav id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Rh3gf-zsV.wav id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Rh3gf-zsV.wav id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Rh3gf-zsV.wav id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\RhM7dZ0Ojg60m.wav, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\RhM7dZ0Ojg60m.wav id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\RhM7dZ0Ojg60m.wav id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\RhM7dZ0Ojg60m.wav id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\RhM7dZ0Ojg60m.wav id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\RhM7dZ0Ojg60m.wav id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\RhM7dZ0Ojg60m.wav id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\RhM7dZ0Ojg60m.wav id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SKC4gL-p7lgC.wav, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SKC4gL-p7lgC.wav id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SKC4gL-p7lgC.wav id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SKC4gL-p7lgC.wav id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SKC4gL-p7lgC.wav id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SKC4gL-p7lgC.wav id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SKC4gL-p7lgC.wav id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SKC4gL-p7lgC.wav id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\t5N8NdUoe08ojpA.jpg, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\t5N8NdUoe08ojpA.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\t5N8NdUoe08ojpA.jpg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\t5N8NdUoe08ojpA.jpg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\t5N8NdUoe08ojpA.jpg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\t5N8NdUoe08ojpA.jpg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\t5N8NdUoe08ojpA.jpg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\t5N8NdUoe08ojpA.jpg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\T8IXEpn4.bmp, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\T8IXEpn4.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\T8IXEpn4.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\T8IXEpn4.bmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\T8IXEpn4.bmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\T8IXEpn4.bmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\T8IXEpn4.bmp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\T8IXEpn4.bmp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\tIzLrD3rrMP1SB9mMw.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\tIzLrD3rrMP1SB9mMw.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\tIzLrD3rrMP1SB9mMw.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\tIzLrD3rrMP1SB9mMw.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\tIzLrD3rrMP1SB9mMw.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\tIzLrD3rrMP1SB9mMw.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\tIzLrD3rrMP1SB9mMw.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\tIzLrD3rrMP1SB9mMw.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Tj9TheJG.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Tj9TheJG.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Tj9TheJG.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Tj9TheJG.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Tj9TheJG.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Tj9TheJG.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Tj9TheJG.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Tj9TheJG.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\TnW-fj.wav, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\TnW-fj.wav id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\TnW-fj.wav id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\TnW-fj.wav id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\TnW-fj.wav id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\TnW-fj.wav id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\TnW-fj.wav id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\TnW-fj.wav id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\uJGJLL_Kx3MtJ4.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\uJGJLL_Kx3MtJ4.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\uJGJLL_Kx3MtJ4.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\uJGJLL_Kx3MtJ4.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\uJGJLL_Kx3MtJ4.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\uJGJLL_Kx3MtJ4.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\uJGJLL_Kx3MtJ4.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\uJGJLL_Kx3MtJ4.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\xg1VxzzdA.mp3, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\xg1VxzzdA.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\xg1VxzzdA.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\xg1VxzzdA.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\xg1VxzzdA.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\xg1VxzzdA.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\xg1VxzzdA.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\xg1VxzzdA.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\yHeObV_6Ud6G.pps, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\yHeObV_6Ud6G.pps id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\yHeObV_6Ud6G.pps id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\yHeObV_6Ud6G.pps id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\yHeObV_6Ud6G.pps id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\yHeObV_6Ud6G.pps id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\yHeObV_6Ud6G.pps id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\yHeObV_6Ud6G.pps id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ykESCSWZJaD_Jlo8Et.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ykESCSWZJaD_Jlo8Et.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ykESCSWZJaD_Jlo8Et.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ykESCSWZJaD_Jlo8Et.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ykESCSWZJaD_Jlo8Et.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ykESCSWZJaD_Jlo8Et.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ykESCSWZJaD_Jlo8Et.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ykESCSWZJaD_Jlo8Et.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\zHcrGT.avi, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\zHcrGT.avi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\zHcrGT.avi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\zHcrGT.avi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\zHcrGT.avi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\zHcrGT.avi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 |
Thread 0x830
86
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\0TuiOM62.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\0TuiOM62.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\0TuiOM62.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\0TuiOM62.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\0TuiOM62.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\0TuiOM62.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\4t-7-GHSbfJZ.wav, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\4t-7-GHSbfJZ.wav id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\4t-7-GHSbfJZ.wav id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\4t-7-GHSbfJZ.wav id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\4t-7-GHSbfJZ.wav id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\4t-7-GHSbfJZ.wav id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\4t-7-GHSbfJZ.wav id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\4t-7-GHSbfJZ.wav id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\6 6JppDDb.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\6 6JppDDb.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\6 6JppDDb.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\6 6JppDDb.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\6 6JppDDb.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\6 6JppDDb.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\6 6JppDDb.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\6 6JppDDb.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\90gCcG7fd.mp3, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\90gCcG7fd.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\90gCcG7fd.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\90gCcG7fd.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\90gCcG7fd.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\90gCcG7fd.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\90gCcG7fd.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\90gCcG7fd.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\9Q08f8qI8-EUS1ATwKx.mp3, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\9Q08f8qI8-EUS1ATwKx.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\9Q08f8qI8-EUS1ATwKx.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\9Q08f8qI8-EUS1ATwKx.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\9Q08f8qI8-EUS1ATwKx.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\9Q08f8qI8-EUS1ATwKx.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\9Q08f8qI8-EUS1ATwKx.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\9Q08f8qI8-EUS1ATwKx.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\iJ-ZpQPb5YO5-LGM1KVt.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\iJ-ZpQPb5YO5-LGM1KVt.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\iJ-ZpQPb5YO5-LGM1KVt.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\iJ-ZpQPb5YO5-LGM1KVt.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\iJ-ZpQPb5YO5-LGM1KVt.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\iJ-ZpQPb5YO5-LGM1KVt.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\iJ-ZpQPb5YO5-LGM1KVt.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\iJ-ZpQPb5YO5-LGM1KVt.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\Ls0PdHw.mp3, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\Ls0PdHw.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\Ls0PdHw.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\Ls0PdHw.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\Ls0PdHw.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\Ls0PdHw.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\Ls0PdHw.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\Ls0PdHw.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\mctPQS_kMsv.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\mctPQS_kMsv.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\mctPQS_kMsv.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\mctPQS_kMsv.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\mctPQS_kMsv.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\mctPQS_kMsv.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x858
73
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x8cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log, destination_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x8b4
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\DW\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\DW\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Media Player\Skins\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x8bc
58
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x8b8
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EURO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EURO\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EURO\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x8c0
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x980
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x984
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x978
127
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x9e0
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x9e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\9Q08f8qI8-EUS1ATwKx.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x9f8
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x9f4
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x9f0
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSLID.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSLID.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSLID.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSLID.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSLID.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\PROOF\MSLID.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x9e8
31
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FDATE.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FDATE.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FDATE.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FDATE.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FDATE.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FDATE.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPERSON.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPERSON.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPERSON.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPERSON.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPERSON.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPERSON.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x9dc
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\IrakHau.htm id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x9fc
100
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x94c
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\MSCONV97.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\MSCONV97.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\MSCONV97.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\MSCONV97.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\MSCONV97.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\TextConv\MSCONV97.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x9d4
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xa24
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xa28
31
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Adjacency.thmx, destination_filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Adjacency.thmx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Adjacency.thmx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Adjacency.thmx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Adjacency.thmx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Document Themes 14\Adjacency.thmx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx, destination_filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Apex.thmx, destination_filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Apex.thmx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Apex.thmx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Apex.thmx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Document Themes 14\Apex.thmx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Document Themes 14\Apex.thmx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x9a0
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Office14\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Office14\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Office14\ACCDDS.DLL, destination_filename = \\?\C:\Program Files\Microsoft Office\Office14\ACCDDS.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Office14\ACCDDS.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Office14\ACCDDS.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Office14\ACCDDS.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Office14\ACCDDS.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x968
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Mail\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Mail\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\en-US\msoeres.dll.mui, destination_filename = \\?\C:\Program Files\Windows Mail\en-US\msoeres.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\en-US\WinMail.exe.mui, destination_filename = \\?\C:\Program Files\Windows Mail\en-US\WinMail.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x974
27
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\WMPDMCCore.dll.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\WMPDMCCore.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa60
17
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x98c
37
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\MediaReceiverRegistrar.xml, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\MediaReceiverRegistrar.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.jpg, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.png, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png, destination_filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Skins\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Media Player\Skins\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Media Player\Skins\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Skins\Revert.wmz, destination_filename = \\?\C:\Program Files\Windows Media Player\Skins\Revert.wmz id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x3b0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\Accessories\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows NT\Accessories\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows NT\Accessories\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\Accessories\wordpad.exe, destination_filename = \\?\C:\Program Files\Windows NT\Accessories\wordpad.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\Accessories\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\Accessories\WordpadFilter.dll, destination_filename = \\?\C:\Program Files\Windows NT\Accessories\WordpadFilter.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x3c8
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextService.dll, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextService.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x3bc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui, destination_filename = \\?\C:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui, destination_filename = \\?\C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa6c
27
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Uninstall Information\traditions.exe id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp, destination_filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp, destination_filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp, destination_filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x5dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Mozilla\logs\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Mozilla\logs\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Mozilla\logs\maintenanceservice-install.log id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log, destination_filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa70
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll, destination_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x90c
21
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\hmmapi.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\hmmapi.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\iedvtool.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\iedvtool.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\ieinstal.exe.mui, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\ieinstal.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\ielowutil.exe.mui, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\ielowutil.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\jsdbgui.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\jsdbgui.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\jsdebuggeride.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\jsdebuggeride.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\JSProfilerCore.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\JSProfilerCore.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\jsprofilerui.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\jsprofilerui.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x910
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe, destination_filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x920
42
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL, destination_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll, destination_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\DGRMLNCH.DLL, destination_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\DGRMLNCH.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\DGRMLNCH.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Office\Office14\DGRMLNCH.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\DGRMLNCH.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Office\Office14\DGRMLNCH.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\DGRMLNCH.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\DGRMLNCH.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL, destination_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x438
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\System\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\System\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\DirectDB.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\DirectDB.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\wab32.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\wab32.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\wab32res.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\wab32res.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x7d0
29
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\mpvis.DLL, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\mpvis.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\setup_wm.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\setup_wm.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmlaunch.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmlaunch.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpconfig.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpconfig.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\WMPDMC.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\WMPDMC.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\WMPDMCCore.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\WMPDMCCore.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpenc.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpenc.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmplayer.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmplayer.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\WMPMediaSharing.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\WMPMediaSharing.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpnssci.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpnssci.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\WMPNSSUI.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\WMPNSSUI.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmprph.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmprph.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpshare.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpshare.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x7b8
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\motorola spank thomas.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\motorola spank thomas.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\motorola spank thomas.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Windows Photo Viewer\motorola spank thomas.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\motorola spank thomas.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Windows Photo Viewer\motorola spank thomas.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\motorola spank thomas.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\motorola spank thomas.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoBase.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoBase.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x7bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x110
35
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\mold.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\mold.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\mold.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Windows Sidebar\mold.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Windows Sidebar\mold.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Windows Sidebar\mold.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\mold.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\mold.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\sbdrop.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\sbdrop.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\settings.ini, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\settings.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\sidebar.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\sidebar.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\ti-skip-independence.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\ti-skip-independence.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\ti-skip-independence.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Windows Sidebar\ti-skip-independence.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Windows Sidebar\ti-skip-independence.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Windows Sidebar\ti-skip-independence.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x7dc
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x62c
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\DVD Maker\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\DVD Maker\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui, destination_filename = \\?\C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui, destination_filename = \\?\C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui, destination_filename = \\?\C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x360
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm, destination_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm, destination_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll, destination_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll id-bry0hIIfVldG0S8v.BDKR, destination_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll |
|
1 |
Thread 0x738
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\How To Restore Files.txt, size = 1280 |
|
1 |
Thread 0x418
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VC\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VC\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\IrakHau.htm id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x328
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VGX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VGX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VGX\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x7ac
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x6a4
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x468
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui, destination_filename = \\?\C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui, destination_filename = \\?\C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui, destination_filename = \\?\C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x67c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\Accessories\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows NT\Accessories\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows NT\Accessories\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui, destination_filename = \\?\C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x680
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows NT\TableTextService\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x794
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x344
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Services\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Services\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Services\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Services\verisign.bmp, destination_filename = \\?\C:\Program Files\Common Files\Services\verisign.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Services\verisign.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Services\verisign.bmp id-bry0hIIfVldG0S8v.BDKR, destination_filename = \\?\C:\Program Files\Common Files\Services\verisign.bmp |
|
1 |
Thread 0xa74
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\DirectDB.dll, destination_filename = \\?\C:\Program Files\Common Files\System\DirectDB.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\wab32.dll, destination_filename = \\?\C:\Program Files\Common Files\System\wab32.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\wab32res.dll, destination_filename = \\?\C:\Program Files\Common Files\System\wab32res.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x584
377
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\17OCGHFRMI5H.jpg, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\17OCGHFRMI5H.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\17OCGHFRMI5H.jpg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\17OCGHFRMI5H.jpg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\17OCGHFRMI5H.jpg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\17OCGHFRMI5H.jpg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\17OCGHFRMI5H.jpg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\17OCGHFRMI5H.jpg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3_jeQviZoYNlnOtMBcq.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3_jeQviZoYNlnOtMBcq.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3_jeQviZoYNlnOtMBcq.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3_jeQviZoYNlnOtMBcq.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3_jeQviZoYNlnOtMBcq.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3_jeQviZoYNlnOtMBcq.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3_jeQviZoYNlnOtMBcq.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3_jeQviZoYNlnOtMBcq.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6wzmOUQs0Tg8egP.jpg, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6wzmOUQs0Tg8egP.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6wzmOUQs0Tg8egP.jpg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6wzmOUQs0Tg8egP.jpg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6wzmOUQs0Tg8egP.jpg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6wzmOUQs0Tg8egP.jpg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6wzmOUQs0Tg8egP.jpg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6wzmOUQs0Tg8egP.jpg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\82U1GLPSN4SRNIud.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\82U1GLPSN4SRNIud.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\82U1GLPSN4SRNIud.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\82U1GLPSN4SRNIud.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\82U1GLPSN4SRNIud.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\82U1GLPSN4SRNIud.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\82U1GLPSN4SRNIud.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\82U1GLPSN4SRNIud.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9NWJiKv80-C.jpg, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9NWJiKv80-C.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9NWJiKv80-C.jpg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9NWJiKv80-C.jpg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9NWJiKv80-C.jpg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9NWJiKv80-C.jpg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AagfwO5FfrKxIJ.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AagfwO5FfrKxIJ.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AagfwO5FfrKxIJ.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AagfwO5FfrKxIJ.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AagfwO5FfrKxIJ.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AagfwO5FfrKxIJ.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AagfwO5FfrKxIJ.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AagfwO5FfrKxIJ.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\be8uU4s7v.bmp, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\be8uU4s7v.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\be8uU4s7v.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\be8uU4s7v.bmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\be8uU4s7v.bmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\be8uU4s7v.bmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\be8uU4s7v.bmp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\be8uU4s7v.bmp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bVC-tf9cuKZd9WIKBbf.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bVC-tf9cuKZd9WIKBbf.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bVC-tf9cuKZd9WIKBbf.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bVC-tf9cuKZd9WIKBbf.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bVC-tf9cuKZd9WIKBbf.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bVC-tf9cuKZd9WIKBbf.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bVC-tf9cuKZd9WIKBbf.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bVC-tf9cuKZd9WIKBbf.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BXRrb4wqQer.jpg, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BXRrb4wqQer.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BXRrb4wqQer.jpg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BXRrb4wqQer.jpg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BXRrb4wqQer.jpg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BXRrb4wqQer.jpg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BXRrb4wqQer.jpg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BXRrb4wqQer.jpg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\c1M5lwW.bmp, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\c1M5lwW.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\c1M5lwW.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\c1M5lwW.bmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\c1M5lwW.bmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\c1M5lwW.bmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\cQRffh50TJ.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\cQRffh50TJ.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\cQRffh50TJ.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\cQRffh50TJ.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\cQRffh50TJ.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\cQRffh50TJ.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\cQRffh50TJ.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\cQRffh50TJ.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\DuvSsdgB.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\DuvSsdgB.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\DuvSsdgB.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\DuvSsdgB.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\DuvSsdgB.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\DuvSsdgB.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\DuvSsdgB.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\DuvSsdgB.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ghoVSrE2rI.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ghoVSrE2rI.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ghoVSrE2rI.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ghoVSrE2rI.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ghoVSrE2rI.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ghoVSrE2rI.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ghoVSrE2rI.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ghoVSrE2rI.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iAeOeT.jpg, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iAeOeT.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iAeOeT.jpg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iAeOeT.jpg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iAeOeT.jpg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iAeOeT.jpg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iAeOeT.jpg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iAeOeT.jpg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\KU8coeDggn.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\KU8coeDggn.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\KU8coeDggn.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\KU8coeDggn.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\KU8coeDggn.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\KU8coeDggn.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\KU8coeDggn.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\KU8coeDggn.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Lhdb7FgPQ1J3_Q8MQ.jpg, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Lhdb7FgPQ1J3_Q8MQ.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Lhdb7FgPQ1J3_Q8MQ.jpg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Lhdb7FgPQ1J3_Q8MQ.jpg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Lhdb7FgPQ1J3_Q8MQ.jpg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Lhdb7FgPQ1J3_Q8MQ.jpg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Lhdb7FgPQ1J3_Q8MQ.jpg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Lhdb7FgPQ1J3_Q8MQ.jpg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\M3H2AMCOsHfNXWLKK.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\M3H2AMCOsHfNXWLKK.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\M3H2AMCOsHfNXWLKK.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\M3H2AMCOsHfNXWLKK.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\M3H2AMCOsHfNXWLKK.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\M3H2AMCOsHfNXWLKK.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\M3H2AMCOsHfNXWLKK.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\M3H2AMCOsHfNXWLKK.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mkItPg.bmp, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mkItPg.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mkItPg.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mkItPg.bmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mkItPg.bmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mkItPg.bmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mkItPg.bmp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mkItPg.bmp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mLz5aTSV45LFpR.jpg, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mLz5aTSV45LFpR.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mLz5aTSV45LFpR.jpg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mLz5aTSV45LFpR.jpg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mLz5aTSV45LFpR.jpg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mLz5aTSV45LFpR.jpg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mLz5aTSV45LFpR.jpg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mLz5aTSV45LFpR.jpg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mqSXx4krgCAtBWFKak6.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mqSXx4krgCAtBWFKak6.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mqSXx4krgCAtBWFKak6.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mqSXx4krgCAtBWFKak6.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mqSXx4krgCAtBWFKak6.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mqSXx4krgCAtBWFKak6.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mqSXx4krgCAtBWFKak6.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mqSXx4krgCAtBWFKak6.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\N3cQX8Etk.bmp, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\N3cQX8Etk.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\N3cQX8Etk.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\N3cQX8Etk.bmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\N3cQX8Etk.bmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\N3cQX8Etk.bmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\N3cQX8Etk.bmp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\N3cQX8Etk.bmp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\NqV8Oj332_g4dk.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\NqV8Oj332_g4dk.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\NqV8Oj332_g4dk.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\NqV8Oj332_g4dk.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\NqV8Oj332_g4dk.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\NqV8Oj332_g4dk.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\NqV8Oj332_g4dk.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\NqV8Oj332_g4dk.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Qhdj.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Qhdj.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Qhdj.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Qhdj.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Qhdj.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Qhdj.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Qhdj.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Qhdj.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QkQ63xnrFn3yf00M- H.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QkQ63xnrFn3yf00M- H.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QkQ63xnrFn3yf00M- H.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QkQ63xnrFn3yf00M- H.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QkQ63xnrFn3yf00M- H.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QkQ63xnrFn3yf00M- H.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QkQ63xnrFn3yf00M- H.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QkQ63xnrFn3yf00M- H.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Ssj2-RG.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Ssj2-RG.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Ssj2-RG.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Ssj2-RG.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Ssj2-RG.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Ssj2-RG.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Ssj2-RG.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Ssj2-RG.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\usLic1N81-rLloJD.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\usLic1N81-rLloJD.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\usLic1N81-rLloJD.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\usLic1N81-rLloJD.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\usLic1N81-rLloJD.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\usLic1N81-rLloJD.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\usLic1N81-rLloJD.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\usLic1N81-rLloJD.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vs9s rE86URZWip2n.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vs9s rE86URZWip2n.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vs9s rE86URZWip2n.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vs9s rE86URZWip2n.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vs9s rE86URZWip2n.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vs9s rE86URZWip2n.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vs9s rE86URZWip2n.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vs9s rE86URZWip2n.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\W1S7Fs61QLru.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\W1S7Fs61QLru.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\W1S7Fs61QLru.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\W1S7Fs61QLru.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\W1S7Fs61QLru.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\W1S7Fs61QLru.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\W1S7Fs61QLru.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\W1S7Fs61QLru.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\w2-6Kr.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\w2-6Kr.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\w2-6Kr.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\w2-6Kr.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\w2-6Kr.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\w2-6Kr.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\w2-6Kr.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\w2-6Kr.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zCfM_ObF5iT.gif, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zCfM_ObF5iT.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zCfM_ObF5iT.gif id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zCfM_ObF5iT.gif id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zCfM_ObF5iT.gif id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zCfM_ObF5iT.gif id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zCfM_ObF5iT.gif id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zCfM_ObF5iT.gif id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zUMBWC.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zUMBWC.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zUMBWC.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zUMBWC.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zUMBWC.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zUMBWC.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zUMBWC.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zUMBWC.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZxDAg1y5.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZxDAg1y5.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZxDAg1y5.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZxDAg1y5.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZxDAg1y5.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZxDAg1y5.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZxDAg1y5.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZxDAg1y5.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_Xpe4np2fCU7yRHo Xj.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_Xpe4np2fCU7yRHo Xj.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_Xpe4np2fCU7yRHo Xj.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_Xpe4np2fCU7yRHo Xj.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_Xpe4np2fCU7yRHo Xj.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_Xpe4np2fCU7yRHo Xj.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_Xpe4np2fCU7yRHo Xj.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_Xpe4np2fCU7yRHo Xj.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x54c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Uninstall Information\traditions.exe id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xc0
38
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x6bc
47
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6SgVBsYZdT.swf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6SgVBsYZdT.swf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6SgVBsYZdT.swf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6SgVBsYZdT.swf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6SgVBsYZdT.swf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6SgVBsYZdT.swf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6SgVBsYZdT.swf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6SgVBsYZdT.swf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BDLjWOroke8o.swf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BDLjWOroke8o.swf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BDLjWOroke8o.swf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BDLjWOroke8o.swf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BDLjWOroke8o.swf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BDLjWOroke8o.swf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BDLjWOroke8o.swf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BDLjWOroke8o.swf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\zkHjeCw.swf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\zkHjeCw.swf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\zkHjeCw.swf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\zkHjeCw.swf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\zkHjeCw.swf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\zkHjeCw.swf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\zkHjeCw.swf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\zkHjeCw.swf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xa8c
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll, destination_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xab0
31
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL, destination_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\DL_RES.DLL, destination_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\DL_RES.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\DL_RES.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\DL_RES.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\DL_RES.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\DL_RES.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\DL_RES.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\DL_RES.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll, destination_filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xa94
21
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\wmlaunch.exe.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\wmlaunch.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\WMPDMC.exe.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\WMPDMC.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\WMPDMCCore.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\WMPDMCCore.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa90
17
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\avtransport.xml, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\avtransport.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\connectionmanager_dmr.xml, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\connectionmanager_dmr.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.jpg, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.png, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.jpg, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.png, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\RenderingControl.xml, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\RenderingControl.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa80
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\ImagingDevices.exe.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\ImagingDevices.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoAcq.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoAcq.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa88
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\en-US\sbdrop.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\en-US\sbdrop.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\en-US\Sidebar.exe.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\en-US\Sidebar.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xae0
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin, destination_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Music\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Music\How To Restore Files.txt, size = 1280 |
|
1 |
Thread 0xae8
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, destination_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xaa4
30
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xab4
62
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xb38
65
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb08
36
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll, destination_filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll, destination_filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.SqlServerCe.dll, destination_filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.SqlServerCe.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.SqlServerCe.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.SqlServerCe.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.SqlServerCe.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.SqlServerCe.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.SqlServerCe.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.SqlServerCe.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xac8
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata, destination_filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xacc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Sun\Java\Java Update\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Sun\Java\Java Update\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Sun\Java\Java Update\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml, destination_filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xaf4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Mozilla\logs\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Mozilla\logs\maintenanceservice-install.log, destination_filename = \\?\C:\Users\All Users\Mozilla\logs\maintenanceservice-install.log id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Mozilla\logs\maintenanceservice-install.log id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Mozilla\logs\maintenanceservice-install.log id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Mozilla\logs\maintenanceservice-install.log id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Mozilla\logs\maintenanceservice-install.log id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Mozilla\logs\maintenanceservice-install.log id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Mozilla\logs\maintenanceservice-install.log id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xb14
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb18
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\icon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xafc
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\logo.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb1c
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb00
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\flyout.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\flyout.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\MCESidebarCtrl.dll, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\MCESidebarCtrl.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\settings.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\settings.html id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb20
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xaf0
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb24
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb04
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\icon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\logo.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb30
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, destination_filename = \\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, destination_filename = \\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xaec
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, destination_filename = \\?\C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-bry0hIIfVldG0S8v.BDKR, destination_filename = \\?\C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm |
|
1 |
Thread 0xb64
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, destination_filename = \\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe, destination_filename = \\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb90
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, destination_filename = \\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe, destination_filename = \\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xb94
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, destination_filename = \\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe, destination_filename = \\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xbb0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm, destination_filename = \\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe, destination_filename = \\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xba4
47
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\8xX2fIJi.swf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\8xX2fIJi.swf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\8xX2fIJi.swf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\8xX2fIJi.swf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\8xX2fIJi.swf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\8xX2fIJi.swf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\8xX2fIJi.swf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\8xX2fIJi.swf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\ArpKK-QGNbVoL.flv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\ArpKK-QGNbVoL.flv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\ArpKK-QGNbVoL.flv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\ArpKK-QGNbVoL.flv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\ArpKK-QGNbVoL.flv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\ArpKK-QGNbVoL.flv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\ArpKK-QGNbVoL.flv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\ArpKK-QGNbVoL.flv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\CouoxFa1.flv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\CouoxFa1.flv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\CouoxFa1.flv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\CouoxFa1.flv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\CouoxFa1.flv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\CouoxFa1.flv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\CouoxFa1.flv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\CouoxFa1.flv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\lp0OA0hCWhhS.mp4, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\lp0OA0hCWhhS.mp4 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\lp0OA0hCWhhS.mp4 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\lp0OA0hCWhhS.mp4 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\lp0OA0hCWhhS.mp4 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\lp0OA0hCWhhS.mp4 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\lp0OA0hCWhhS.mp4 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\lp0OA0hCWhhS.mp4 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xbfc
36
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\browser accredited mil.exe id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\IEaKhwDUaCNJ5.mkv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\IEaKhwDUaCNJ5.mkv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\IEaKhwDUaCNJ5.mkv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\IEaKhwDUaCNJ5.mkv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\IEaKhwDUaCNJ5.mkv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\IEaKhwDUaCNJ5.mkv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\IEaKhwDUaCNJ5.mkv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\IEaKhwDUaCNJ5.mkv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\lMHvIe3HLUK9sBCYE5a.swf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\lMHvIe3HLUK9sBCYE5a.swf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\lMHvIe3HLUK9sBCYE5a.swf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\lMHvIe3HLUK9sBCYE5a.swf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\lMHvIe3HLUK9sBCYE5a.swf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\lMHvIe3HLUK9sBCYE5a.swf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\lMHvIe3HLUK9sBCYE5a.swf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\lMHvIe3HLUK9sBCYE5a.swf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\Tly1NB.mkv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\Tly1NB.mkv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\Tly1NB.mkv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\Tly1NB.mkv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\Tly1NB.mkv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\Tly1NB.mkv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\Tly1NB.mkv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hUrKRx28Hz-Nx\Tly1NB.mkv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x15c
36
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\82NPkSzIwNQa.mp4, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\82NPkSzIwNQa.mp4 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\82NPkSzIwNQa.mp4 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\82NPkSzIwNQa.mp4 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\82NPkSzIwNQa.mp4 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\82NPkSzIwNQa.mp4 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\82NPkSzIwNQa.mp4 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\82NPkSzIwNQa.mp4 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\fWCi8GqHv.flv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\fWCi8GqHv.flv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\fWCi8GqHv.flv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\fWCi8GqHv.flv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\fWCi8GqHv.flv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\fWCi8GqHv.flv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\fWCi8GqHv.flv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\fWCi8GqHv.flv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\uvT3U1eLcUuXN33LX1.flv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\uvT3U1eLcUuXN33LX1.flv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\uvT3U1eLcUuXN33LX1.flv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\uvT3U1eLcUuXN33LX1.flv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\uvT3U1eLcUuXN33LX1.flv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\uvT3U1eLcUuXN33LX1.flv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\uvT3U1eLcUuXN33LX1.flv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\uvT3U1eLcUuXN33LX1.flv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x808
47
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\8YBa.mkv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\8YBa.mkv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\8YBa.mkv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\8YBa.mkv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\8YBa.mkv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\8YBa.mkv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\8YBa.mkv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\8YBa.mkv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\bc3GSd9GTrIuC8yT.avi, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\bc3GSd9GTrIuC8yT.avi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\bc3GSd9GTrIuC8yT.avi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\bc3GSd9GTrIuC8yT.avi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\bc3GSd9GTrIuC8yT.avi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\bc3GSd9GTrIuC8yT.avi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\bc3GSd9GTrIuC8yT.avi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\bc3GSd9GTrIuC8yT.avi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\JwY69bt7Heb.flv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\JwY69bt7Heb.flv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\JwY69bt7Heb.flv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\JwY69bt7Heb.flv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\JwY69bt7Heb.flv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\JwY69bt7Heb.flv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\JwY69bt7Heb.flv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\JwY69bt7Heb.flv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\wP80jSXk-sTG.mkv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\wP80jSXk-sTG.mkv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\wP80jSXk-sTG.mkv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\wP80jSXk-sTG.mkv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\wP80jSXk-sTG.mkv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\wP80jSXk-sTG.mkv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\wP80jSXk-sTG.mkv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z9nkSGY0laIlN\wP80jSXk-sTG.mkv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x848
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp, destination_filename = \\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp id-bry0hIIfVldG0S8v.BDKR, destination_filename = \\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp, destination_filename = \\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x83c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Sun\Java\Java Update\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml, destination_filename = \\?\C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xba8
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Default\Contacts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Contacts\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Contacts\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\Contacts\Administrator.contact, destination_filename = \\?\C:\Users\Default\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Default\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\Default\Contacts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\Contacts\desktop.ini, destination_filename = \\?\C:\Users\Default\Contacts\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Contacts\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\Contacts\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Default\Contacts\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 |
Thread 0x870
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Default\Desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Desktop\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Desktop\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\Desktop\desktop.ini, destination_filename = \\?\C:\Users\Default\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Default\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Desktop\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x86c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Default\Documents\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Documents\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Documents\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\Documents\desktop.ini, destination_filename = \\?\C:\Users\Default\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Default\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x938
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Default\Downloads\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Downloads\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Downloads\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\Downloads\desktop.ini, destination_filename = \\?\C:\Users\Default\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Default\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x96c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Default\Favorites\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Favorites\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Favorites\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\Favorites\desktop.ini, destination_filename = \\?\C:\Users\Default\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Default\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Favorites\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x578
47
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Default\Links\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Links\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Links\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\Links\desktop.ini, destination_filename = \\?\C:\Users\Default\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Default\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\Default\Links\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\Links\Desktop.lnk, destination_filename = \\?\C:\Users\Default\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Default\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Links\Desktop.lnk id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\Default\Links\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\Links\Downloads.lnk, destination_filename = \\?\C:\Users\Default\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Default\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Links\Downloads.lnk id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\Default\Links\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\Links\RecentPlaces.lnk, destination_filename = \\?\C:\Users\Default\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Default\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Links\RecentPlaces.lnk id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x838
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Default\Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Music\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Music\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\Music\desktop.ini, destination_filename = \\?\C:\Users\Default\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Default\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xb7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\DAO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\DAO\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\DAO\dao360.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\DAO\dao360.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x5d0
58
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Keywords.HxK, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Keywords.HxK id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Keywords.HxK id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Keywords.HxK id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Keywords.HxK id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Keywords.HxK id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Keywords.HxK id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\Keywords.HxK id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\NamedURLs.HxK, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\NamedURLs.HxK id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\NamedURLs.HxK id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\NamedURLs.HxK id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\NamedURLs.HxK id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\NamedURLs.HxK id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\NamedURLs.HxK id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\NamedURLs.HxK id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xad0
15
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\InkDiv.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\InkDiv.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\InkObj.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\InkObj.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\journal.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\journal.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\micaut.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\micaut.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\Microsoft.Ink.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\Microsoft.Ink.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x4c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x7c8
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Csi.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Csi.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Csi.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Csi.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Csi.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Csi.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x90
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x560
54
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.htm, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.jpg, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Garden.htm, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Garden.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Garden.jpg, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Garden.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Green Bubbles.htm, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Green Bubbles.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\GreenBubbles.jpg, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\GreenBubbles.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Hand Prints.htm, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Hand Prints.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\HandPrints.jpg, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\HandPrints.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Orange Circles.htm, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Orange Circles.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\OrangeCircles.jpg, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\OrangeCircles.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Peacock.htm, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Peacock.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Peacock.jpg, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Peacock.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Roses.htm, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Roses.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Roses.jpg, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Roses.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Shades of Blue.htm, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Shades of Blue.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Soft Blue.htm, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Soft Blue.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\SoftBlue.jpg, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\SoftBlue.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Stars.htm, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Stars.htm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Stars.jpg, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Stars.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x310
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia100.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia100.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia100.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia100.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia100.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia100.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x314
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VGX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VGX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VGX\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VGX\VGX.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VGX\VGX.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x5a4
41
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\Access\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\Access\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee100.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee100.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee100.tlb id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee100.tlb id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee100.tlb id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee100.tlb id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee100.tlb id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee100.tlb id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee90.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee90.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee90.tlb id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee90.tlb id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee90.tlb id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee90.tlb id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x9c8
53
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Java\jre7\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Java\jre7\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Java\jre7\COPYRIGHT, destination_filename = \\?\C:\Program Files (x86)\Java\jre7\COPYRIGHT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Java\jre7\COPYRIGHT id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Java\jre7\COPYRIGHT id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Java\jre7\COPYRIGHT id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Java\jre7\COPYRIGHT id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\COPYRIGHT id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\COPYRIGHT id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Java\jre7\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Java\jre7\LICENSE, destination_filename = \\?\C:\Program Files (x86)\Java\jre7\LICENSE id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Java\jre7\LICENSE id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Java\jre7\LICENSE id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Java\jre7\LICENSE id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Java\jre7\LICENSE id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\LICENSE id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\LICENSE id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Java\jre7\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Java\jre7\README.txt, destination_filename = \\?\C:\Program Files (x86)\Java\jre7\README.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Java\jre7\README.txt id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Java\jre7\README.txt id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Java\jre7\README.txt id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Java\jre7\README.txt id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\README.txt id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\README.txt id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Java\jre7\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Java\jre7\release, destination_filename = \\?\C:\Program Files (x86)\Java\jre7\release id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Java\jre7\release id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Java\jre7\release id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Java\jre7\release id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Java\jre7\release id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\release id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\release id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Java\jre7\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt, destination_filename = \\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xa48
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAClientPkg.dll, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAClientPkg.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAClientPkg.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAClientPkg.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAClientPkg.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAClientPkg.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x968
62
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl, destination_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl, destination_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl, destination_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl, destination_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl, destination_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl, destination_filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 |
Thread 0x3b0
41
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x3c8
129
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x8c8
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xb8c
36
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x488
58
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xb58
69
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x850
47
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x6a0
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}, destination_filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0} id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0} id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0} id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0} id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0} id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0} id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0} id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x624
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\FeedSync.dll, destination_filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\FeedSync.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\FeedSync.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\FeedSync.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\FeedSync.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\FeedSync.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x4a0
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets, destination_filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets, destination_filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x614
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\lp0OA0hCWhhS.mp4 id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets, destination_filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets, destination_filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x854
17
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\Journal.exe.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\Journal.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x348
22
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D, destination_filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W, destination_filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W, destination_filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x914
280
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.CAT, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.CAT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.CHS, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.CHS id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.CHT, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.CHT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.CZE, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.CZE id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.DAN, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.DAN id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.DEU, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.DEU id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.ESP, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.ESP id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.EUQ, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.EUQ id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.FRA, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.FRA id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.HRV, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.HRV id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.HUN, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.HUN id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.ITA, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.ITA id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.JPN, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.JPN id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.KOR, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.KOR id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.NLD, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.NLD id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.NOR, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.NOR id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.POL, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.POL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.PTB, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.PTB id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.RUM, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.RUM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.RUS, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.RUS id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.SKY, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.SKY id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.SLV, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.SLV id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.SUO, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.SUO id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.SVE, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.SVE id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.TUR, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.TUR id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.UKR, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.UKR id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CAT, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CAT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHT, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CZE, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CZE id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DAN, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DAN id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.ESP, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.ESP id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.EUQ, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.EUQ id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.FRA, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.FRA id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.HRV, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.HRV id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.HUN, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.HUN id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.ITA, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.ITA id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.JPN, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.JPN id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.KOR, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.KOR id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NOR, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NOR id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.PTB, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.PTB id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.RUM, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.RUM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.RUS, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.RUS id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.SKY, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.SKY id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.SLV, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.SLV id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.SUO, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.SUO id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.SVE, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.SVE id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.TUR, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.TUR id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.UKR, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.UKR id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x990
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, destination_filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, destination_filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x720
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, destination_filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-bry0hIIfVldG0S8v.BDKR, destination_filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm |
|
1 |
Thread 0xb3c
22
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, destination_filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe, destination_filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x504
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, destination_filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe, destination_filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x238
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, destination_filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe, destination_filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xc4
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x784
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, destination_filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x6d4
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Java\jre7\bin\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Java\jre7\bin\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Java\jre7\bin\awt.dll, destination_filename = \\?\C:\Program Files (x86)\Java\jre7\bin\awt.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Java\jre7\bin\awt.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Java\jre7\bin\awt.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Java\jre7\bin\awt.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Java\jre7\bin\awt.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x918
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x97c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x7a8
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x4e0
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x4e8
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x8a0
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\DVD Maker\Shared\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\Common.fxh, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\Common.fxh id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DissolveAnother.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DissolveAnother.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DissolveNoise.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DissolveNoise.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\Filters.xml, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\Filters.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\Parity.fx, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\Parity.fx id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x844
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe, destination_filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\WordpadFilter.dll, destination_filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\WordpadFilter.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xadc
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll, destination_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt, destination_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt, destination_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt, destination_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt, destination_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt, destination_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt, destination_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt, destination_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xae4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\MpAsDesc.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\MpAsDesc.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\MpEvMsg.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\MpEvMsg.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x5b8
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm, destination_filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe, destination_filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x468
75
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\33UdZO u-6J7rJrw.pptx, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\33UdZO u-6J7rJrw.pptx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\33UdZO u-6J7rJrw.pptx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\33UdZO u-6J7rJrw.pptx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\33UdZO u-6J7rJrw.pptx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\33UdZO u-6J7rJrw.pptx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\33UdZO u-6J7rJrw.pptx id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\33UdZO u-6J7rJrw.pptx id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\3giUFeu.csv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\3giUFeu.csv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\3giUFeu.csv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\3giUFeu.csv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\3giUFeu.csv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\3giUFeu.csv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\3giUFeu.csv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\3giUFeu.csv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\aYtHQeH.rtf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\aYtHQeH.rtf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\aYtHQeH.rtf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\aYtHQeH.rtf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\aYtHQeH.rtf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\aYtHQeH.rtf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\aYtHQeH.rtf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\aYtHQeH.rtf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\d-65AiIcrHa.docx, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\d-65AiIcrHa.docx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\d-65AiIcrHa.docx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\d-65AiIcrHa.docx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\d-65AiIcrHa.docx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\d-65AiIcrHa.docx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\d-65AiIcrHa.docx id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\d-65AiIcrHa.docx id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\drbC7FYWGRTf41U.odt, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\drbC7FYWGRTf41U.odt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\drbC7FYWGRTf41U.odt id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\drbC7FYWGRTf41U.odt id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\drbC7FYWGRTf41U.odt id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\drbC7FYWGRTf41U.odt id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\drbC7FYWGRTf41U.odt id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\drbC7FYWGRTf41U.odt id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\e0CFMAdmU03fxj-.odp, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\e0CFMAdmU03fxj-.odp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\e0CFMAdmU03fxj-.odp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\e0CFMAdmU03fxj-.odp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\e0CFMAdmU03fxj-.odp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\e0CFMAdmU03fxj-.odp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\e0CFMAdmU03fxj-.odp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\e0CFMAdmU03fxj-.odp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\fMw7nSCPiwV9VRz.pps, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\fMw7nSCPiwV9VRz.pps id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\fMw7nSCPiwV9VRz.pps id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\fMw7nSCPiwV9VRz.pps id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\fMw7nSCPiwV9VRz.pps id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5M5 seT-5vd_voX\fMw7nSCPiwV9VRz.pps id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xb10
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceca35.dll, destination_filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceca35.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceca35.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceca35.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceca35.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceca35.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x5dc
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Documents\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Documents\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Documents\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Documents\desktop.ini, destination_filename = \\?\C:\Users\Public\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Documents\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x454
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Downloads\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Downloads\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Downloads\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Downloads\desktop.ini, destination_filename = \\?\C:\Users\Public\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Downloads\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x3f8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll, destination_filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll, destination_filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x828
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml, destination_filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml, destination_filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xa68
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Libraries\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Libraries\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Libraries\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Libraries\desktop.ini, destination_filename = \\?\C:\Users\Public\Libraries\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Libraries\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Libraries\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Libraries\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Libraries\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Libraries\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Libraries\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\Public\Libraries\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Libraries\RecordedTV.library-ms, destination_filename = \\?\C:\Users\Public\Libraries\RecordedTV.library-ms id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Libraries\RecordedTV.library-ms id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Libraries\RecordedTV.library-ms id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Libraries\RecordedTV.library-ms id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Libraries\RecordedTV.library-ms id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Libraries\RecordedTV.library-ms id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Libraries\RecordedTV.library-ms id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x820
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Music\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Music\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Music\desktop.ini, destination_filename = \\?\C:\Users\Public\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xa1c
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x7f4
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Pictures\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Pictures\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Pictures\desktop.ini, destination_filename = \\?\C:\Users\Public\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Pictures\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xa40
37
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa34
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Recorded TV\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Recorded TV\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Recorded TV\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Recorded TV\desktop.ini, destination_filename = \\?\C:\Users\Public\Recorded TV\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Recorded TV\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Recorded TV\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Recorded TV\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Recorded TV\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Recorded TV\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Recorded TV\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xa38
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\7-2tJN OYWR8M0.flv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\7-2tJN OYWR8M0.flv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\7-2tJN OYWR8M0.flv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\7-2tJN OYWR8M0.flv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\7-2tJN OYWR8M0.flv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\7-2tJN OYWR8M0.flv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\7-2tJN OYWR8M0.flv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\7-2tJN OYWR8M0.flv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\tuZYcwv.mp4, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\tuZYcwv.mp4 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\tuZYcwv.mp4 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\tuZYcwv.mp4 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\tuZYcwv.mp4 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\tuZYcwv.mp4 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\tuZYcwv.mp4 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\tuZYcwv.mp4 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xa3c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Videos\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Videos\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Videos\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Videos\desktop.ini, destination_filename = \\?\C:\Users\Public\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xa30
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\mXRNnT5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\mXRNnT5\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\mXRNnT5\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\mXRNnT5\1805vjPgt2k9.mp4, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\mXRNnT5\1805vjPgt2k9.mp4 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\mXRNnT5\1805vjPgt2k9.mp4 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\mXRNnT5\1805vjPgt2k9.mp4 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\mXRNnT5\1805vjPgt2k9.mp4 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\mXRNnT5\1805vjPgt2k9.mp4 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\mXRNnT5\1805vjPgt2k9.mp4 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ISzELKWmrU6cLqu\mXRNnT5\1805vjPgt2k9.mp4 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xa84
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Adobe\Acrobat\10.0\Replicate\Security\How To Restore Files.txt, type = file_attributes |
|
1 |
Thread 0x7d8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest, destination_filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome.dll, destination_filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x32c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Tools.Applications.Project.dll, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Tools.Applications.Project.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Tools.Applications.Project.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Tools.Applications.Project.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Tools.Applications.Project.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Tools.Applications.Project.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Tools.Applications.Project.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Tools.Applications.Project.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xad4
31
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xaf4
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\SynchronizationEula.rtf, destination_filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\SynchronizationEula.rtf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\SynchronizationEula.rtf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\SynchronizationEula.rtf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\SynchronizationEula.rtf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\SynchronizationEula.rtf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\SynchronizationEula.rtf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\SynchronizationEula.rtf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xa94
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCDDSUI.DLL, destination_filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCDDSUI.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCDDSUI.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCDDSUI.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCDDSUI.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCDDSUI.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCDDSUI.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCDDSUI.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCESS12.ACC, destination_filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCESS12.ACC id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCESS12.ACC id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCESS12.ACC id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCESS12.ACC id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Office14\1033\ACCESS12.ACC id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x794
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Office14\1036\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Office14\1036\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Office14\1036\MSO.ACL, destination_filename = \\?\C:\Program Files\Microsoft Office\Office14\1036\MSO.ACL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Office14\1036\MSO.ACL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Office14\1036\MSO.ACL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Office14\1036\MSO.ACL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Office14\1036\MSO.ACL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\How To Restore Files.txt, size = 1280 |
|
1 |
Thread 0x67c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Office14\3082\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Office14\3082\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Office14\3082\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL, destination_filename = \\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x90c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Mail\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Mail\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\en-US\msoeres.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\en-US\msoeres.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\en-US\WinMail.exe.mui, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\en-US\WinMail.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x480
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xa90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf, destination_filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x854
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf, destination_filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x808
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\Temp\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\Temp\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\RAC\Temp\sql65A4.tmp, destination_filename = \\?\C:\ProgramData\Microsoft\RAC\Temp\sql65A4.tmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\Temp\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\RAC\Temp\sql65F3.tmp, destination_filename = \\?\C:\ProgramData\Microsoft\RAC\Temp\sql65F3.tmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\Temp\sql65F3.tmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\RAC\Temp\sql65F3.tmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\RAC\Temp\sql65F3.tmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\RAC\Temp\sql65F3.tmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\RAC\Temp\sql65F3.tmp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\How To Restore Files.txt, size = 1280 |
|
1 |
Thread 0x7c0
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xab8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x5a0
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat, destination_filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x888
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\IdentityCRL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\IdentityCRL\ppcrlconfig.dll, destination_filename = \\?\C:\Users\All Users\Microsoft\IdentityCRL\ppcrlconfig.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\IdentityCRL\ppcrlconfig.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\IdentityCRL\ppcrlconfig.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft\IdentityCRL\ppcrlconfig.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\IdentityCRL\ppcrlconfig.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\IdentityCRL\ppcrlconfig.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\IdentityCRL\ppcrlconfig.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\IdentityCRL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\IdentityCRL\ppcrlui.dll, destination_filename = \\?\C:\Users\All Users\Microsoft\IdentityCRL\ppcrlui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x8b0
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\MF\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\MF\Active.GRL, destination_filename = \\?\C:\Users\All Users\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\MF\Active.GRL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\MF\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\MF\Pending.GRL, destination_filename = \\?\C:\Users\All Users\Microsoft\MF\Pending.GRL id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc10
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\OFFICE\How To Restore Files.txt, type = file_attributes |
|
2 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\OFFICE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\OFFICE\MySharePoints.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\OFFICE\MySharePoints.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc14
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat, destination_filename = \\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xc18
66
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl, destination_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl, destination_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl, destination_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl, destination_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl, destination_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl, destination_filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 |
Thread 0xc24
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyLetter.dotx, destination_filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyLetter.dotx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyLetter.dotx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyLetter.dotx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyLetter.dotx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyLetter.dotx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyLetter.dotx id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyLetter.dotx id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyMergeLetter.dotx, destination_filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyMergeLetter.dotx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyMergeLetter.dotx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyMergeLetter.dotx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyMergeLetter.dotx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Templates\1033\AdjacencyMergeLetter.dotx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xc34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc38
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\flyout.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\flyout.css id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\main.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\main.css id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\settings.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\settings.css id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc40
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xc48
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\guest.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\guest.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\guest.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\User Account Pictures\guest.bmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\guest.bmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\User Account Pictures\guest.bmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\guest.bmp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\guest.bmp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\user.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\user.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc60
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.DLL, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xc64
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.DLL, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.MMW, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.MMW id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.MMW id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.MMW id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.MMW id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.MMW id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xc6c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\MSOSVINT.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\MSOSVINT.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\MSOSVINT.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\MSOSVINT.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\MSOSVINT.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\MSOSVINT.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\How To Restore Files.txt, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\How To Restore Files.txt, size = 1280 |
|
1 |
Thread 0xc70
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\How To Restore Files.txt, size = 493 |
|
1 |
Thread 0xc74
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xc7c
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\BIGFONT.SHX, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\BIGFONT.SHX id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\BIGFONT.SHX id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\BIGFONT.SHX id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\BIGFONT.SHX id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\BIGFONT.SHX id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\BIGFONT.SHX id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\BIGFONT.SHX id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\CHINESET.SHX, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\CHINESET.SHX id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\CHINESET.SHX id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\CHINESET.SHX id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\CHINESET.SHX id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\CHINESET.SHX id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xc94
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xca0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\Skins\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Media Player\Skins\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Media Player\Skins\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\Skins\Revert.wmz, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\Skins\Revert.wmz id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xca8
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xcac
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\settings.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\settings.css id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\slideShow.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\slideShow.css id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xcb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xcb4
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins, destination_filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xcb8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ky4nV51oSl2.wav, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ky4nV51oSl2.wav id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ky4nV51oSl2.wav id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ky4nV51oSl2.wav id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ky4nV51oSl2.wav id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ky4nV51oSl2.wav id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ky4nV51oSl2.wav id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ky4nV51oSl2.wav id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ojj8KlZv.mp3, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ojj8KlZv.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ojj8KlZv.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ojj8KlZv.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ojj8KlZv.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\g6X_J7o YDKthVPeAz10\Ojj8KlZv.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xcbc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xcc0
27
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xcc4
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xcc8
21
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\15.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\15.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xccc
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Esl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Esl\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Esl\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Esl\AiodLite.dll, destination_filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Esl\AiodLite.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Esl\AiodLite.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Esl\AiodLite.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Esl\AiodLite.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Esl\AiodLite.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Esl\AiodLite.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Reader 10.0\Esl\AiodLite.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xcd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\en-US\wordpad.exe.mui, destination_filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\en-US\wordpad.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xcd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\en-US\TableTextService.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\en-US\TableTextService.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xcdc
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xce4
106
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM, destination_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM, destination_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM, destination_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM, destination_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM, destination_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.JPG, destination_filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.JPG id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.JPG id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.JPG id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.JPG id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 |
Thread 0xce8
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xcec
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Libraries\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xcf0
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd14
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\Access\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\Access\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\Access\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\Access\Assets.accdt, destination_filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\Access\Assets.accdt id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\Access\Assets.accdt id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\Templates\1033\Access\Assets.accdt id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\Templates\1033\Access\Assets.accdt id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\Templates\1033\Access\Assets.accdt id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd18
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\blank.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\blank.jtp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Genko_1.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Genko_1.jtp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Genko_2.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Genko_2.jtp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Graph.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Graph.jtp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Memo.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Memo.jtp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Music.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Music.jtp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Seyes.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Seyes.jtp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Shorthand.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Shorthand.jtp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\To_Do_List.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\To_Do_List.jtp id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xd20
62
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xd24
65
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xd40
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.INF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.INF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.INF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.INF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.INF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 |
Thread 0xd48
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd4c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Windows Defender\Support\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log, destination_filename = \\?\C:\Users\All Users\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xd50
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd54
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd58
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd5c
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd60
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd64
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd68
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd6c
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd70
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd74
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 |
Thread 0xd78
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd7c
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd80
30
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd84
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd88
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd8c
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd90
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd94
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd98
35
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\adojavas.inc, destination_filename = \\?\C:\Program Files\Common Files\System\ado\adojavas.inc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\adovbs.inc, destination_filename = \\?\C:\Program Files\Common Files\System\ado\adovbs.inc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msader15.dll, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msader15.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado15.dll, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado15.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado20.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado20.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado21.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado21.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado25.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado25.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado26.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado26.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado27.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado27.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado28.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado28.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msadomd.dll, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msadomd.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msadomd28.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msadomd28.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msador15.dll, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msador15.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msadox.dll, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msadox.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msadox28.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msadox28.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msadrh15.dll, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msadrh15.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xd9c
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xda0
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xda4
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xda8
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xdac
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\MSB1FRAR.ITS, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\MSB1FRAR.ITS id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\MSB1FRAR.ITS id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\MSB1FRAR.ITS id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\MSB1FRAR.ITS id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\MSB1FRAR.ITS id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xdb0
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xdb4
30
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xdbc
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\ReaderMessages, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\ReaderMessages id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\ReaderMessages id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\ReaderMessages id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\ReaderMessages id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\ReaderMessages id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\ReaderMessages id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\ReaderMessages id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xdc4
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets, destination_filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets, destination_filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xdc8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets, destination_filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets, destination_filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe40
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe4c
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xe58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe5c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe64
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\VBE6EXT.OLB, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\VBE6EXT.OLB id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\VBE6EXT.OLB id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\VBE6EXT.OLB id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\VBE6EXT.OLB id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\VBE6EXT.OLB id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\VBE6EXT.OLB id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\VBE6EXT.OLB id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe68
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\msdia80.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\msdia80.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\msdia80.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\msdia80.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\msdia80.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\msdia80.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xe6c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ca_ES\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ca_ES\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ca_ES\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ca_ES\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ca_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ca_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ca_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ca_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ca_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ca_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\How To Restore Files.txt, size = 1280 |
|
1 |
Thread 0xe70
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\cs_CZ\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe74
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe78
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\de_DE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe7c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe80
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\es_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe84
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\eu_ES\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe88
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fi_FI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe8c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\fr_FR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe90
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hr_HR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe94
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\hu_HU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe98
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe9c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ja_JP\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ja_JP\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ja_JP\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ja_JP\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ja_JP\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ja_JP\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ja_JP\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ja_JP\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ja_JP\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\How To Restore Files.txt, size = 1280 |
|
1 |
Thread 0xea0
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ko_KR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xea4
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xea8
29
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 |
Thread 0xeac
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xeb0
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xeb4
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xeb8
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xebc
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xec0
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xec4
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xec8
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xecc
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xed0
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xed4
30
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.INF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.INF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.INF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.INF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.INF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.INF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xed8
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xedc
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xee0
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\hxdsui.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xee4
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xee8
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xeec
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\hxdsui.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xef0
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\hxdsui.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xef4
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\hxdsui.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xef8
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xefc
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xf00
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\hxdsui.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xf04
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xf08
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf0c
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\drag.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\icon.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\logo.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf10
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\drag.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\icon.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\logo.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf14
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\drag.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\icon.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\logo.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf18
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf1c
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf20
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf24
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\drag.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\drag.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\icon.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\icon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\logo.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\logo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf38
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\RAC\PublishedData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf, destination_filename = \\?\C:\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xf40
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\RAC\StateData\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf, destination_filename = \\?\C:\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xf48
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSScan\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSScan\WelcomeScan.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf4c
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\RAC\Temp\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\RAC\Temp\sql65A4.tmp, destination_filename = \\?\C:\Users\All Users\Microsoft\RAC\Temp\sql65A4.tmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\RAC\Temp\sql65A4.tmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\RAC\Temp\sql65A4.tmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft\RAC\Temp\sql65A4.tmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\RAC\Temp\sql65A4.tmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\RAC\Temp\sql65A4.tmp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\How To Restore Files.txt, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\RAC\Temp\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\RAC\Temp\sql65F3.tmp, destination_filename = \\?\C:\Users\All Users\Microsoft\RAC\Temp\sql65F3.tmp id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf58
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\bJvTdW4mA2Z4wQ.m4a, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\bJvTdW4mA2Z4wQ.m4a id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\bJvTdW4mA2Z4wQ.m4a id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\bJvTdW4mA2Z4wQ.m4a id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\bJvTdW4mA2Z4wQ.m4a id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\bJvTdW4mA2Z4wQ.m4a id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\bJvTdW4mA2Z4wQ.m4a id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\bJvTdW4mA2Z4wQ.m4a id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\EE7FhWF5ub.wav, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\EE7FhWF5ub.wav id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\EE7FhWF5ub.wav id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\EE7FhWF5ub.wav id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\EE7FhWF5ub.wav id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8oa0-m3WJaKwnSuLh9e\kW7zlhMdpM8TV\EE7FhWF5ub.wav id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xf5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf60
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xf64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf68
30
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\VSTARemotingServer.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\VSTARemotingServer.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\VSTARemotingServer.tlb id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\VSTARemotingServer.tlb id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\VSTARemotingServer.tlb id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\VSTARemotingServer.tlb id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xf6c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\AddIns.store, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\AddIns.store id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\AddIns.store id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\AddIns.store id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\AddIns.store id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\AddIns.store id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\AddIns.store id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\AddIns.store id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xf70
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\PipelineSegments.store, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\PipelineSegments.store id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\PipelineSegments.store id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\PipelineSegments.store id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\PipelineSegments.store id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\PipelineSegments.store id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\PipelineSegments.store id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\PipelineSegments.store id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xf88
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSDecWrp.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSDecWrp.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf9c
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm, destination_filename = \\?\C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xfa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xfa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xfac
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xfb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml, destination_filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xfb4
52
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143748.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143748.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143748.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143748.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143748.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143748.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xfb8
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\OFFICE10.MML, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\OFFICE10.MML id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\OFFICE10.MML id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\OFFICE10.MML id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\OFFICE10.MML id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\OFFICE10.MML id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xfbc
32
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\AUTOSHAP.DLL, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\AUTOSHAP.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\AUTOSHAP.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\AUTOSHAP.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\AUTOSHAP.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\AUTOSHAP.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\AUTOSHAP.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\AUTOSHAP.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18180_.WMF, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18180_.WMF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18180_.WMF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18180_.WMF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18180_.WMF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18180_.WMF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18180_.WMF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18180_.WMF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18181_.WMF, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18181_.WMF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18181_.WMF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18181_.WMF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18181_.WMF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18181_.WMF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 |
Thread 0xfc0
15
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll, destination_filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll, destination_filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll, destination_filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xfc8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini, destination_filename = \\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv, destination_filename = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xff0
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xffc
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, destination_filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, destination_filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x880
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\localizedSettings.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\localizedSettings.css id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\settings.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\settings.css id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x9a4
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x660
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x600
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xabc
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Videos\Sample Videos\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Videos\Sample Videos\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Videos\Sample Videos\desktop.ini, destination_filename = \\?\C:\Users\Public\Videos\Sample Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Videos\Sample Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Videos\Sample Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Videos\Sample Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Videos\Sample Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\Public\Videos\Sample Videos\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv, destination_filename = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xac0
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Music\Sample Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Music\Sample Music\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini, destination_filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Music\Sample Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Music\Sample Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\Public\Music\Sample Music\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3, destination_filename = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xaa8
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, destination_filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x99c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nb_NO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nb_NO\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nb_NO\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nb_NO\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nb_NO\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nb_NO\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nb_NO\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nb_NO\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nb_NO\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\it_IT\How To Restore Files.txt, size = 1280 |
|
1 |
Thread 0x74c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nl_NL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nl_NL\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nl_NL\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nl_NL\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nl_NL\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nl_NL\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nl_NL\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nl_NL\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\nl_NL\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\da_DK\How To Restore Files.txt, size = 1280 |
|
1 |
Thread 0x9d0
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pl_PL\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\How To Restore Files.txt, size = 1280 |
|
1 |
Thread 0x128
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x998
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ro_RO\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x9c0
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\ru_RU\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x30c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sk_SK\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x8a4
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sl_SI\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x700
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\sv_SE\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x174
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\tr_TR\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x71c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x7ec
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_CN\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x478
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\Reader_10.0.helpcfg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\zh_TW\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x890
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x530
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x388
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x1c4
70
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp, destination_filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\Microsoft.Ink.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\Microsoft.Ink.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x6a0
27
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\adojavas.inc, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\adojavas.inc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\adovbs.inc, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\adovbs.inc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msader15.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msader15.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado15.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado15.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado20.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado20.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado21.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado21.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado25.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado25.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado26.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado26.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado27.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado27.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado28.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado28.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadomd.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadomd.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadomd28.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadomd28.tlb id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x344
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\CAGCAT10.MML, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\CAGCAT10.MML id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\CAGCAT10.MML id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\CAGCAT10.MML id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\CAGCAT10.MML id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\CAGCAT10.MML id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xa1c
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xa30
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x614
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x680
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xba0
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, destination_filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\pt_BR\How To Restore Files.txt, size = 1280 |
|
1 |
Thread 0xa80
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x7bc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x83c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xb08
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xb04
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xac4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x900
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Java\jre7\lib\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Java\jre7\lib\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\lib\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Java\jre7\lib\accessibility.properties, destination_filename = \\?\C:\Program Files (x86)\Java\jre7\lib\accessibility.properties id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Java\jre7\lib\accessibility.properties id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Java\jre7\lib\accessibility.properties id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Java\jre7\lib\accessibility.properties id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Java\jre7\lib\accessibility.properties id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\lib\accessibility.properties id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Java\jre7\lib\accessibility.properties id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x5cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\Microsoft.Ink.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\Microsoft.Ink.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x874
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Network\Downloader\How To Restore Files.txt, type = file_attributes |
|
2 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = \\?\C:\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x8f0
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, destination_filename = \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, destination_filename = \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x510
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x320
15
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\micaut.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\micaut.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\mip.exe.mui, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\mip.exe.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\TipBand.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\TipBand.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x580
21
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc50
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc68
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xad8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\How To Restore Files.txt, type = file_attributes |
|
2 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W, destination_filename = \\?\C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xb88
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xb54
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb0c
41
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x34c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb2c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xb44
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\How To Restore Files.txt, type = file_attributes |
|
1 |
Thread 0xb84
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\MSO1033.acl, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\MSO1033.acl id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\MSO1033.acl id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\MSO1033.acl id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\MSO1033.acl id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\MSO1033.acl id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x810
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Service\How To Restore Files.txt, type = file_attributes |
|
1 |
Thread 0x644
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.srs, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.srs id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.srs id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.srs id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.srs id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 |
Thread 0xa44
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\CREDHIST, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\CREDHIST id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\CREDHIST id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\CREDHIST id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\CREDHIST id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 |
Thread 0xc9c
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x864
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll, destination_filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xca4
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\Normal.dotm, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\Normal.dotm id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\Normal.dotm id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\Normal.dotm id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\Normal.dotm id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\Normal.dotm id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x814
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = \\?\C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x6a8
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\localizedStrings.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\localizedStrings.js id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\settings.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\settings.js id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc04
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x91c
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xaa0
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = \\?\C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xacc
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = \\?\C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xc08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml, destination_filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x878
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x898
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\CLIPART\PUB60COR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x834
21
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc5c
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xc58
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = \\?\C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = \\?\C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc1c
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = \\?\C:\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x57c
31
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x1e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\en-US\wab32res.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\System\en-US\wab32res.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xcbc
23
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\msadc\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\msadc\adcjavas.inc, destination_filename = \\?\C:\Program Files\Common Files\System\msadc\adcjavas.inc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\msadc\adcvbs.inc, destination_filename = \\?\C:\Program Files\Common Files\System\msadc\adcvbs.inc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\msadc\handler.reg, destination_filename = \\?\C:\Program Files\Common Files\System\msadc\handler.reg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\msadc\handsafe.reg, destination_filename = \\?\C:\Program Files\Common Files\System\msadc\handsafe.reg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\msadc\msadce.dll, destination_filename = \\?\C:\Program Files\Common Files\System\msadc\msadce.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\msadc\msadcer.dll, destination_filename = \\?\C:\Program Files\Common Files\System\msadc\msadcer.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\msadc\msadcf.dll, destination_filename = \\?\C:\Program Files\Common Files\System\msadc\msadcf.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\msadc\msadcfr.dll, destination_filename = \\?\C:\Program Files\Common Files\System\msadc\msadcfr.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\msadc\msadco.dll, destination_filename = \\?\C:\Program Files\Common Files\System\msadc\msadco.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\msadc\msadcor.dll, destination_filename = \\?\C:\Program Files\Common Files\System\msadc\msadcor.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xae8
33
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\msdaosp.dll, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\msdaosp.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\msdaps.dll, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\msdaps.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\msdasql.dll, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\msdasql.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\msdatl3.dll, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\msdatl3.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\msxactps.dll, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\msxactps.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\oledb32.dll, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\oledb32.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\oledb32r.dll, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\oledb32r.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.dll, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.rll, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.rll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\Ole DB\xmlrw.dll, destination_filename = \\?\C:\Program Files\Common Files\System\Ole DB\xmlrw.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xd08
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xd1c
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd2c
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd38
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xd3c
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd34
23
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xd4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xd44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x32c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xd24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc84
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xdc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xcac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x5d0
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xe40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xdc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x118
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa34
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x8d4
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\0.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\0.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa54
39
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mousedown.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mousedown.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseout.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseout.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseover.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseover.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mousedown.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mousedown.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_play.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_play.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseout.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseout.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ehshellLogo.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ehshellLogo.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\flyout_background.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\flyout_background.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Flyout_Thumbnail_Shadow.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Flyout_Thumbnail_Shadow.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_Loading.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_Loading.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Gradient.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Gradient.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xbfc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\main.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\main.js id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\settings.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\settings.js id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb78
43
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10254_.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10254_.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10254_.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10254_.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10254_.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10254_.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10254_.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10254_.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10255_.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10255_.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10255_.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10255_.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10255_.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10255_.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10255_.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10255_.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 |
Thread 0xa9c
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10256_.GIF, destination_filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10256_.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10256_.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10256_.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10256_.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10256_.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xb6c
41
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip, destination_filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x6bc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc94
29
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x454
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x73c
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb24
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa2c
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xd04
37
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu, destination_filename = \\?\C:\ProgramData\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x820
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc38
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xb80
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xf30
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 |
Thread 0xf34
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 |
Thread 0x90c
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xa90
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.ELM, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.ELM id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.ELM id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.ELM id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.ELM id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.ELM id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x42c
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x85c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa0c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa18
45
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.APL, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.APL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CRT, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CRT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CSD, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CSD id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.IDX, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.IDX id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.LTS, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.LTS id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.TTS, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.TTS id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UDT, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UDT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UNT, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UNT id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.WIH, destination_filename = \\?\C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.WIH id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc0
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa64
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x328
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Results\Resource\How To Restore Files.txt, type = file_attributes |
|
1 |
Thread 0xa84
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu, destination_filename = \\?\C:\Users\All Users\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xf48
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu, destination_filename = \\?\C:\Users\All Users\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xca0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\System\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x868
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\How To Restore Files.txt, type = file_attributes |
|
1 |
Thread 0xab4
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x5e0
21
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_Off.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_Off.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x47c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 |
Thread 0x460
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x854
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x840
39
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\adcjavas.inc, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\adcjavas.inc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\adcvbs.inc, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\adcvbs.inc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\handler.reg, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\handler.reg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\handsafe.reg, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\handsafe.reg id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadce.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadce.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadcer.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadcer.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadcf.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadcf.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadcfr.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadcfr.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadco.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadco.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadcor.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadcor.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadds.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadds.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msaddsr.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msaddsr.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msdaprsr.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msdaprsr.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msdaprst.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msdaprst.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msdarem.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msdarem.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msdaremr.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msdaremr.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msdfmap.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msdfmap.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x8c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xdc0
53
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdadc.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdadc.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaenum.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaenum.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaer.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaer.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaorar.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaorar.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaps.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaps.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasc.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasc.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasqlr.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasqlr.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdatl3.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdatl3.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdatt.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdatt.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaurl.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaurl.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msxactps.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msxactps.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledb32r.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledb32r.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledbjvs.inc, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledbjvs.inc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledbvbs.inc, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledbvbs.inc id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.rll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.rll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.rll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.rll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\xmlrw.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\xmlrw.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\xmlrw.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\xmlrw.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\xmlrw.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\System\Ole DB\xmlrw.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xf44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xd10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xdcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xde8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xdec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe20
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\MSMAPI\1033\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\MSMAPI\1033\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\MSMAPI\1033\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\MSMAPI\1033\MSMAPI32.DLL, destination_filename = \\?\C:\Program Files\Common Files\System\MSMAPI\1033\MSMAPI32.DLL id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\MSMAPI\1033\MSMAPI32.DLL id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\System\MSMAPI\1033\MSMAPI32.DLL id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files\Common Files\System\MSMAPI\1033\MSMAPI32.DLL id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\System\MSMAPI\1033\MSMAPI32.DLL id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\MSMAPI\1033\MSMAPI32.DLL id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\MSMAPI\1033\MSMAPI32.DLL id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xe28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xdbc
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\Ole DB\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xc0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x588
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x314
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xfd4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\picturePuzzle.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\picturePuzzle.css id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\settings.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\settings.css id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xfcc
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\RSSFeeds.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\RSSFeeds.css id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\settings.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\settings.css id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xfd0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\settings.css, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\settings.css id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\slideShow.css, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\slideShow.css id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf2c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat, destination_filename = \\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat id-bry0hIIfVldG0S8v.BDKR, destination_filename = \\?\C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat |
|
1 |
Thread 0x670
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = \\?\C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x758
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = \\?\C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xfe8
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xf94
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xf98
41
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x7c4
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xfa8
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xfc0
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.cdf-ms, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.cdf-ms id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x98c
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xd20
41
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\1W93a.bmp, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\1W93a.bmp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\1W93a.bmp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\1W93a.bmp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\1W93a.bmp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\1W93a.bmp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\1W93a.bmp id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\1W93a.bmp id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\25GNIUm0ewiO7pAy.mp3, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\25GNIUm0ewiO7pAy.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\25GNIUm0ewiO7pAy.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\25GNIUm0ewiO7pAy.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\25GNIUm0ewiO7pAy.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\25GNIUm0ewiO7pAy.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\25GNIUm0ewiO7pAy.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\25GNIUm0ewiO7pAy.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\Htg7o60HC.swf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\Htg7o60HC.swf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\Htg7o60HC.swf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\Htg7o60HC.swf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\Htg7o60HC.swf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\Htg7o60HC.swf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\Htg7o60HC.swf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\Htg7o60HC.swf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\YAqNZP4D-5zdHkiHZfC.odp, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\YAqNZP4D-5zdHkiHZfC.odp id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\YAqNZP4D-5zdHkiHZfC.odp id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\YAqNZP4D-5zdHkiHZfC.odp id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\YAqNZP4D-5zdHkiHZfC.odp id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ekrbf PTRlhOI\YAqNZP4D-5zdHkiHZfC.odp id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xcc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xdb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xdd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xde0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xddc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe08
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, destination_filename = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xb18
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 |
Thread 0xd0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc2c
47
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\2UPKA7hyi.flv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\2UPKA7hyi.flv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\2UPKA7hyi.flv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\2UPKA7hyi.flv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\2UPKA7hyi.flv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\2UPKA7hyi.flv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\2UPKA7hyi.flv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\2UPKA7hyi.flv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\7_1TF.avi, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\7_1TF.avi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\7_1TF.avi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\7_1TF.avi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\7_1TF.avi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\7_1TF.avi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\7_1TF.avi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\7_1TF.avi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\IFs 473n3ew8.flv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\IFs 473n3ew8.flv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\IFs 473n3ew8.flv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\IFs 473n3ew8.flv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\IFs 473n3ew8.flv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\IFs 473n3ew8.flv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\IFs 473n3ew8.flv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\IFs 473n3ew8.flv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\PM9iKKYIkn9z1tAP9I.swf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\PM9iKKYIkn9z1tAP9I.swf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\PM9iKKYIkn9z1tAP9I.swf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\PM9iKKYIkn9z1tAP9I.swf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\PM9iKKYIkn9z1tAP9I.swf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\PM9iKKYIkn9z1tAP9I.swf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\PM9iKKYIkn9z1tAP9I.swf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\PM9iKKYIkn9z1tAP9I.swf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0xa74
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = \\?\C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xc34
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x9b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\ado\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\ado\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x9b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x9b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\msadc\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\msadc\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x9ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x9a8
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Default\AppData\Local\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\AppData\Local\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xb20
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x988
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\uk_UA\Reader_10.0.helpcfg id-bry0hIIfVldG0S8v.BDKR, size = 493 |
|
1 |
Thread 0xcb4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xadc
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xf90
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Local State, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Local State id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Local State id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Local State id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Local State id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Local State id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xf08
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\7J4ylGefcbkx4.avi, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\7J4ylGefcbkx4.avi id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\7J4ylGefcbkx4.avi id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\7J4ylGefcbkx4.avi id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\7J4ylGefcbkx4.avi id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\7J4ylGefcbkx4.avi id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\7J4ylGefcbkx4.avi id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\7J4ylGefcbkx4.avi id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\iQ73JKbY3POJw8DSt.swf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\iQ73JKbY3POJw8DSt.swf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\iQ73JKbY3POJw8DSt.swf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\iQ73JKbY3POJw8DSt.swf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\iQ73JKbY3POJw8DSt.swf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\iQ73JKbY3POJw8DSt.swf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\iQ73JKbY3POJw8DSt.swf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1 82DV\g05j9Qz\TIi8YPbDlaOLAKiDaS\CrdUTJLjqC0FOs7WZSy\iQ73JKbY3POJw8DSt.swf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x8ac
17
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xac8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xf20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x1c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x8b0
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xb9c
57
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png, destination_filename = \\?\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc98
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc78
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x7e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xbb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui, destination_filename = \\?\C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xb34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xcd0
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\How To Restore Files.txt, type = file_attributes |
|
1 |
Thread 0x324
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xe3c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 |
Thread 0x974
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc3c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\RSSFeeds.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\RSSFeeds.js id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\settings.js, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\settings.js id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x914
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Default\Favorites\Links\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\Favorites\Links\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\Favorites\Links\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\Favorites\Links\desktop.ini, destination_filename = \\?\C:\Users\Default\Favorites\Links\desktop.ini id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xc68
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\en-US\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\en-US\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\en-US\How To Restore Files.txt, size = 493 |
|
1 |
Thread 0x7f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0x328
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\picturePuzzle.css, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\picturePuzzle.css id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\settings.css, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\settings.css id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xa08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js, destination_filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xdf4
74
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\-9aqpq.png, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\-9aqpq.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\-9aqpq.png id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\-9aqpq.png id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\-9aqpq.png id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\-9aqpq.png id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\-9aqpq.png id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\-9aqpq.png id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1HBj9P1CNrI8.mp3, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1HBj9P1CNrI8.mp3 id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1HBj9P1CNrI8.mp3 id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1HBj9P1CNrI8.mp3 id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1HBj9P1CNrI8.mp3 id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1HBj9P1CNrI8.mp3 id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1HBj9P1CNrI8.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1HBj9P1CNrI8.mp3 id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1RNL.mkv, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1RNL.mkv id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1RNL.mkv id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1RNL.mkv id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1RNL.mkv id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1RNL.mkv id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1RNL.mkv id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\1RNL.mkv id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\2KT9F29-h6SkTPYO8.swf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\2KT9F29-h6SkTPYO8.swf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\2KT9F29-h6SkTPYO8.swf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\2KT9F29-h6SkTPYO8.swf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\2KT9F29-h6SkTPYO8.swf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\2KT9F29-h6SkTPYO8.swf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\2KT9F29-h6SkTPYO8.swf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\2KT9F29-h6SkTPYO8.swf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9aSSz.docx, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9aSSz.docx id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9aSSz.docx id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9aSSz.docx id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9aSSz.docx id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9aSSz.docx id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9aSSz.docx id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9aSSz.docx id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9RxZ-Gc0LqS35Mzl3.pdf, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9RxZ-Gc0LqS35Mzl3.pdf id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9RxZ-Gc0LqS35Mzl3.pdf id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9RxZ-Gc0LqS35Mzl3.pdf id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9RxZ-Gc0LqS35Mzl3.pdf id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9RxZ-Gc0LqS35Mzl3.pdf id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9RxZ-Gc0LqS35Mzl3.pdf id-bry0hIIfVldG0S8v.BDKR, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9RxZ-Gc0LqS35Mzl3.pdf id-bry0hIIfVldG0S8v.BDKR, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\AdobeARM.log, destination_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\AdobeARM.log id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\AdobeARM.log id-bry0hIIfVldG0S8v.BDKR, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\AdobeARM.log id-bry0hIIfVldG0S8v.BDKR, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\AdobeARM.log id-bry0hIIfVldG0S8v.BDKR, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\AdobeARM.log id-bry0hIIfVldG0S8v.BDKR, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xc08
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\How To Restore Files.txt, size = 493 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png, destination_filename = \\?\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png id-bry0hIIfVldG0S8v.BDKR |
|
1 |
Thread 0xfb0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\How To Restore Files.txt, size = 493 |
|
1 |
Thread 0xe0c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\How To Restore Files.txt, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\How To Restore Files.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\How To Restore Files.txt, size = 493 |
|
1 |
Process #2: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:56, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa80 |
| Parent PID | 0xa4c (c:\users\5p5nrgjn0js halpmcxz\desktop\fcr.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A84
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | r |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000070000 | 0x00070000 | 0x00071fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x000cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x0017ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001d0000 | 0x001d0000 | 0x002cffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x003fffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00400000 | 0x00466fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000470000 | 0x00470000 | 0x005f7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000600000 | 0x00600000 | 0x0060ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000610000 | 0x00610000 | 0x00790fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000007a0000 | 0x007a0000 | 0x01b9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001ba0000 | 0x01ba0000 | 0x01ee2fff | Pagefile Backed Memory | r |
|
|
|
- |
| cmd.exe | 0x4a5f0000 | 0x4a63bfff | Memory Mapped File | rwx |
|
|
|
- |
| winbrand.dll | 0x74fe0000 | 0x74fe6fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x74ff0000 | 0x74ff7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x75000000 | 0x7505bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x75060000 | 0x7509efff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x75600000 | 0x7560bfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75610000 | 0x7566ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x75720000 | 0x757bffff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x757c0000 | 0x758cffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x758d0000 | 0x7596cfff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x75a70000 | 0x75a79fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75ea0000 | 0x75f6bfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75f80000 | 0x75fdffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75fe0000 | 0x7608bfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76090000 | 0x7617ffff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x761b0000 | 0x761c8fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x76260000 | 0x762a5fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x766d0000 | 0x7675ffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x775b0000 | 0x776affff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000776b0000 | 0x776b0000 | 0x777a9fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000777b0000 | 0x777b0000 | 0x778cefff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x778d0000 | 0x77a78fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ab0000 | 0x77c2ffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Threads
Thread 0xa84
58
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2018-09-23 19:14:18 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 146016 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a5f0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x757ea84f |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x757f3b92 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x757d4a5d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x757ea79d |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
Process #3: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\syswow64\vssadmin.exe |
| Command Line | vssadmin delete shadows /all |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:54, Reason: Child Process |
| Unmonitor | End Time: 00:01:56, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xaac |
| Parent PID | 0xa80 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AB0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000000b0000 | 0x000b0000 | 0x000effff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0024ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x003cffff | Private Memory | rw |
|
|
|
- |
| vssadmin.exe | 0x00570000 | 0x0058efff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x74ff0000 | 0x74ff7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x75000000 | 0x7505bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x75060000 | 0x7509efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x778d0000 | 0x77a78fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ab0000 | 0x77c2ffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
