Globeimposter Ransomware Delivered via Necurs Botnet | Grouped Behavior
Try VMRay Analyzer
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | "C:\Windows\System32\CScript.exe" "C:\Users\CIIHMN~1\Desktop\MSC000~1.VBS" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:13, Reason: Analysis Target |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:05:10 |
| Information | Value |
|---|---|
| PID | 0xe98 |
| Parent PID | 0x728 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E9C
0x
ED4
0x
EE4
0x
EE8
0x
EEC
0x
EF0
0x
EF4
0x
EF8
0x
F24
0x
F88
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\ciihmn~1\appdata\local\temp\vworbzlbc.exe | 155.80 KB (159535 bytes) |
MD5:
5da21af74810e3655bcbbe40660f21b8
SHA1: 60d60dff0d3af3b564e43bc87ef5a63ff6146da7 SHA256: c0ce6c2f03e3174d347eb2136a230883a725fcd5179221f61435ea709a2ba81f |
|
|
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | B54F3741-5B07-11CF-A4B0-00AA004A55E8 | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 6C736DB1-BD94-11D0-8A23-00AA00B58E10 | 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 06290BD1-48AA-11D2-8432-006008C3FBFC | E4D1C9B0-46E8-11D4-A2A6-00104BD35090 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | Microsoft.XMLHTTP | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | Adodb.streaM | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | Wscript.shell | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | Scripting.FileSystemObject | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | WScript.Shell | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Execute | Microsoft.XMLHTTP | IDispatch | method_name = Open |
|
1 |
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIIHMN~1\Desktop\MSC000~1.VBS | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe | - |
|
1 | |
| Get Info | C:\Users\CIIHMN~1\Desktop\MSC000~1.VBS | type = size |
|
1 | |
| Get Info | - | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | - | size = 4818, size_out = 4818 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 110 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe | size = 159535 |
|
1 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
3 | |
| Open Key | HKEY_CLASSES_ROOT\.VBS | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\.VBS | data = VBSFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data = VBScript, type = REG_SZ |
|
1 |
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | cmd.exe | show_window = SW_SHOWNORMAL |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ffb3d260000 |
|
2 | |
| Load | amsi.dll | base_address = 0x7ffb30da0000 |
|
1 | |
| Load | WLDP.DLL | base_address = 0x7ffb2bea0000 |
|
1 | |
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x7ffb3c2d0000 |
|
1 | |
| Load | shell32.dll | base_address = 0x7ffb3aa50000 |
|
1 | |
| Get Handle | c:\windows\system32\cscript.exe | base_address = 0x7ff770f20000 |
|
3 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ffb3d260000 |
|
1 | |
| Get Handle | c:\windows\system32\kernelbase.dll | base_address = 0x7ffb3a800000 |
|
1 | |
| Get Filename | c:\windows\system32\cscript.exe | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 261 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 261 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x7ffb3d27d550 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x7ffb3d280f40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = QueryProtectedPolicy, address_out = 0x7ffb3a86d460 |
|
1 | |
| Get Address | c:\windows\system32\amsi.dll | function = AmsiInitialize, address_out = 0x7ffb30da2260 |
|
1 | |
| Get Address | c:\windows\system32\amsi.dll | function = AmsiScanString, address_out = 0x7ffb30da26b0 |
|
1 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = ResolveDelayLoadedAPI, address_out = 0x7ffb3a85a1b0 |
|
1 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = ResolveDelayLoadsFromDll, address_out = 0x7ffb3a8be790 |
|
1 | |
| Get Address | c:\windows\system32\wldp.dll | function = WldpGetLockdownPolicy, address_out = 0x7ffb2bea1010 |
|
1 | |
| Get Address | c:\windows\system32\wldp.dll | function = WldpIsClassInApprovedList, address_out = 0x7ffb2bea3820 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x7ffb3c2da7d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x7ffb3c2d3ba0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x7ffb3c2e6cc0 |
|
1 | |
| Get Address | c:\windows\system32\cscript.exe | function = 1, address_out = 0x7ff770f21350 |
|
2 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteExW, address_out = 0x7ffb3ab32460 |
|
1 | |
| Get Address | c:\windows\system32\amsi.dll | function = AmsiUninitialize, address_out = 0x7ffb30da2490 |
|
1 | |
| Create Mapping | C:\Users\CIIHMN~1\Desktop\MSC000~1.VBS | filename = C:\Users\CIIHMN~1\Desktop\MSC000~1.VBS, protection = PAGE_READONLY, maximum_size = 4818 |
|
1 | |
| Map | C:\Users\CIIHMN~1\Desktop\MSC000~1.VBS | process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 |
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WSH-Timer, wndproc_parameter = 843568864240 |
|
1 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Time | type = Ticks, time = 96078 |
|
1 | |
| Get Info | type = Operating System |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Get Info | type = Hardware Information |
|
1 |
| Information | Value |
|---|---|
| Total Data Sent | 0.32 KB (332 bytes) |
| Total Data Received | 155.80 KB (159535 bytes) |
| Contacted Host Count | 1 |
| Contacted Hosts | rorymartin8.info |
| Information | Value |
|---|---|
| Used COM interface | Microsoft.XMLHTTP |
| User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729) |
| Server Name | rorymartin8.info |
| Server Port | 80 |
| Data Sent | 0.32 KB (332 bytes) |
| Data Received | 155.80 KB (159535 bytes) |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS |
|
1 | |
| Open Connection | protocol = http, server_name = rorymartin8.info, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GeT, http_version = HTTP 1.1, target_resource = /hudgy356 |
|
1 | |
| Send HTTP Request | url = http://rorymartin8.info/hudgy356? |
|
1 | |
| Receive HTTP Status | status = 200 |
|
1 | |
| Read Response | size_out = 159535 |
|
1 |
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c call "C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:24, Reason: Child Process |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:59 |
| Information | Value |
|---|---|
| PID | 0xf8c |
| Parent PID | 0xe98 (c:\windows\system32\cscript.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F90
0x
FA8
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | "C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe" | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe | os_pid = 0xfac, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x7ff6decd0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ffb3d260000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x7ffb3d27d550 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7ffb3d2825e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7ffb3d281f90 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x7ffb3a853a10 |
|
1 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
3 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\users\ciihmn~1\appdata\local\temp\vworbzlbc.exe |
| Command Line | "C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:25, Reason: Child Process |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:58 |
| Information | Value |
|---|---|
| PID | 0xfac |
| Parent PID | 0xf8c (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FB0
0x
FB4
0x
FC4
0x
FC8
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\ciihmn~1\appdata\local\temp\nsga12c.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\nsga12d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\nsma14e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\nsma14e.tmp\system.dll | 11.00 KB (11264 bytes) |
MD5:
3f176d1ee13b0d7d6bd92e1c7a0b9bae
SHA1: fe582246792774c2c9dd15639ffa0aca90d6fd0b SHA256: fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\w8nb | 69.88 KB (71559 bytes) |
MD5:
5a028c895aaed43a1f4f16e880f83ad1
SHA1: 4cc8b9e59434eae65374a5b790ec98fbab713871 SHA256: abed74c65d9b1562c2c9a10f35965d62f251742762cf28ca5dbd7813a9428db4 |
|
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\ciihmnxmn6ps\videos\desktop.ini | 1.42 KB (1456 bytes) |
MD5:
bd3d4d5eb25d64e78a8dc21a5b0ce4c8
SHA1: 5a860bd27a305d6e6af9b8d406836bcdbd0c3d46 SHA256: 874beff6a5c1aa61d7c49a25dc23a22eb7b0aecf5cb5b45b455afb0f9d8b52f9 |
|
|
| c:\users\ciihmnxmn6ps\pictures\desktop.ini | 1.42 KB (1456 bytes) |
MD5:
3dbf9c15339199ca1e20853ace4b31d4
SHA1: c9b06d0f911c553a516f1e3066fcd1f3af08a473 SHA256: 4d8b6c410fde466c6a91419bd42ff117b20a0142ecbf655f2b5c7e18e2b30157 |
|
|
| c:\users\ciihmnxmn6ps\onedrive\desktop.ini | 1.03 KB (1056 bytes) |
MD5:
0072fd5678c831e896556403c9a56dc5
SHA1: e5f5c7cf7b6d6e5ae349dfb6fb2f02f95130a79c SHA256: cc05acaabf026ed6bcd29908ae5079735617583855e4fd6557d8e310154af02e |
|
|
| c:\users\ciihmnxmn6ps\music\desktop.ini | 1.42 KB (1456 bytes) |
MD5:
c97099a5ebbc80d50d309d865880682c
SHA1: 4ca5f47e27d62693879f719b542b2904b0563b56 SHA256: ad3c0c99182392975db23272978191ff9571c70e703c03a405338a777fc58be2 |
|
|
| c:\users\ciihmnxmn6ps\downloads\desktop.ini | 1.20 KB (1232 bytes) |
MD5:
a366561c12c6f69711d3bb85e052fa7d
SHA1: c70b3c04a93e561b4cf463ac44d10923da75566f SHA256: b1422698d4c21483ab1bd86344784727cad570b0b0b1eeaef1f221496e685910 |
|
|
| c:\users\ciihmnxmn6ps\documents\desktop.ini | 1.33 KB (1360 bytes) |
MD5:
7132d3a594fda47d039273bbc40dbffd
SHA1: 860a7d33a834d69fcc947226d561d6ca7c1440bb SHA256: b9b2bd048b7ee2b23a488b39c36a49d1a453087428ae56f7f43624b1658624bc |
|
|
| c:\users\ciihmnxmn6ps\desktop\desktop.ini | 1.20 KB (1232 bytes) |
MD5:
1303831f18dffd4cf7f31ee7c7682dc9
SHA1: af7733df345ddf40bce6ff8799b0ebbfd06c2e62 SHA256: 032970cd060cdf8c701de88534b813f7b69277ce8ae5be1f12f8363b387bcfe7 |
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_TEMPORARY, FILE_FLAG_DELETE_ON_CLOSE |
|
1 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\nsmA14E.tmp\System.dll | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\nsmA14E.tmp\System.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
26 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\W8nb | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\W8nb | desired_access = GENERIC_READ |
|
1 | |
| Create | C:\Windows\SYSTEM32\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
3 | |
| Create | C:\Windows\SYSTEM32\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
4 | |
| Create Directory | C:\Users\CIIHMN~1\AppData\Local\Temp\ | - |
|
1 | |
| Create Directory | C:\Users | - |
|
2 | |
| Create Directory | C:\Users\CIIHMN~1 | - |
|
2 | |
| Create Directory | C:\Users\CIIHMN~1\AppData | - |
|
2 | |
| Create Directory | C:\Users\CIIHMN~1\AppData\Local | - |
|
2 | |
| Create Directory | C:\Users\CIIHMN~1\AppData\Local\Temp | - |
|
2 | |
| Create Directory | C:\Users\CIIHMN~1\AppData\Local\Temp\nsmA14E.tmp | - |
|
1 | |
| Create Temp File | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12C.tmp | path = C:\Users\CIIHMN~1\AppData\Local\Temp\, prefix = nsg |
|
1 | |
| Create Temp File | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | path = C:\Users\CIIHMN~1\AppData\Local\Temp\, prefix = nsg |
|
1 | |
| Create Temp File | C:\Users\CIIHMN~1\AppData\Local\Temp\nsmA14E.tmp | path = C:\Users\CIIHMN~1\AppData\Local\Temp, prefix = nsm |
|
1 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe | type = size |
|
1 | |
| Get Info | C:\Users | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIIHMN~1 | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIIHMN~1\AppData | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local\Temp | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local\Temp\nsmA14E.tmp\System.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local\Temp\nsmA14E.tmp\System.dll | type = file_attributes |
|
26 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local\Temp\W8nb | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SYSTEM32\ntdll.dll | type = size |
|
3 | |
| Get Info | C:\Windows\SYSTEM32\ntdll.dll | type = size |
|
4 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe | size = 512, size_out = 512 |
|
79 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe | size = 16384, size_out = 16384 |
|
6 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | size = 4, size_out = 4 |
|
3 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | size = 31488, size_out = 31488 |
|
1 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | size = 11264, size_out = 11264 |
|
1 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | size = 16384, size_out = 16384 |
|
4 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | size = 6023, size_out = 6023 |
|
1 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\W8nb | size = 71559, size_out = 71559 |
|
1 | |
| Read | C:\Windows\SYSTEM32\ntdll.dll | size = 1533496, size_out = 1533496 |
|
3 | |
| Read | C:\Windows\SYSTEM32\ntdll.dll | size = 1533496, size_out = 1533496 |
|
4 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | size = 32768 |
|
2 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | size = 14048 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsmA14E.tmp\System.dll | size = 11264 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | size = 25540 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | size = 16141 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | size = 16153 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | size = 16149 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12D.tmp | size = 24930 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\W8nb | size = 16384 |
|
4 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\W8nb | size = 6023 |
|
1 | |
| Delete | C:\Users\CIIHMN~1\AppData\Local\Temp\nsgA12C.tmp | - |
|
1 | |
| Delete | C:\Users\CIIHMN~1\AppData\Local\Temp\nsmA14E.tmp | - |
|
1 |
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe | os_pid = 0xfe0, creation_flags = CREATE_SUSPENDED, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 |
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Context | c:\users\ciihmn~1\appdata\local\temp\vworbzlbc.exe | os_tid = 0xfb0 |
|
1 | |
| Set Context | c:\users\ciihmn~1\appdata\local\temp\vworbzlbc.exe | os_tid = 0xfb0 |
|
1 |
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe | address = 0x7ffde008, size = 4 |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Windows\system32\UXTHEME.dll | base_address = 0x74110000 |
|
1 | |
| Load | C:\Windows\system32\USERENV.dll | base_address = 0x73700000 |
|
1 | |
| Load | C:\Windows\system32\SETUPAPI.dll | base_address = 0x74350000 |
|
1 | |
| Load | C:\Windows\system32\APPHELP.dll | base_address = 0x74190000 |
|
1 | |
| Load | C:\Windows\system32\PROPSYS.dll | base_address = 0x732c0000 |
|
1 | |
| Load | C:\Windows\system32\DWMAPI.dll | base_address = 0x740f0000 |
|
1 | |
| Load | C:\Windows\system32\CRYPTBASE.dll | base_address = 0x74290000 |
|
1 | |
| Load | C:\Windows\system32\OLEACC.dll | base_address = 0x73260000 |
|
1 | |
| Load | C:\Windows\system32\CLBCATQ.dll | base_address = 0x742c0000 |
|
1 | |
| Load | C:\Windows\system32\VERSION.dll | base_address = 0x73d50000 |
|
1 | |
| Load | C:\Windows\system32\SHFOLDER.dll | base_address = 0x73250000 |
|
1 | |
| Load | C:\Users\CIIHMN~1\AppData\Local\Temp\nsmA14E.tmp\System.dll | base_address = 0x10000000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x75d40000 |
|
16 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76bc0000 |
|
6 | |
| Get Handle | VERSION | base_address = 0x0 |
|
1 | |
| Get Handle | SHFOLDER | base_address = 0x0 |
|
1 | |
| Get Handle | c:\users\ciihmn~1\appdata\local\temp\vworbzlbc.exe | base_address = 0x400000 |
|
1 | |
| Get Handle | c:\windows\syswow64\shell32.dll | base_address = 0x74760000 |
|
1 | |
| Get Handle | C:\Users\CIIHMN~1\AppData\Local\Temp\nsmA14E.tmp\System.dll | base_address = 0x0 |
|
1 | |
| Get Handle | c:\users\ciihmn~1\appdata\local\temp\nsma14e.tmp\system.dll | base_address = 0x10000000 |
|
26 | |
| Get Handle | c:\windows\syswow64\msvcrt.dll | base_address = 0x75b80000 |
|
1 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x74500000 |
|
4 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77190000 |
|
2 | |
| Get Filename | SHFOLDER | process_name = c:\users\ciihmn~1\appdata\local\temp\vworbzlbc.exe, file_name_orig = C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe, size = 1024 |
|
1 | |
| Get Filename | C:\Users\CIIHMN~1\AppData\Local\Temp\nsmA14E.tmp\System.dll | process_name = c:\users\ciihmn~1\appdata\local\temp\vworbzlbc.exe, file_name_orig = C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe, size = 259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetDefaultDllDirectories, address_out = 0x76050790 |
|
1 | |
| Get Address | c:\windows\syswow64\version.dll | function = GetFileVersionInfoA, address_out = 0x73d51f80 |
|
1 | |
| Get Address | c:\windows\syswow64\shfolder.dll | function = SHGetFolderPathA, address_out = 0x73251300 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetUserDefaultUILanguage, address_out = 0x76bda6f0 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = 680, address_out = 0x749ffa00 |
|
1 | |
| Get Address | c:\users\ciihmn~1\appdata\local\temp\nsma14e.tmp\system.dll | function = Call, address_out = 0x100016bd |
|
25 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = malloc, address_out = 0x75bc78c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemInfo, address_out = 0x76bda1f0 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = wsprintf, address_out = 0x0 |
|
4 | |
| Get Address | c:\windows\syswow64\user32.dll | function = wsprintfA, address_out = 0x7452ea00 |
|
4 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFile, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76be6170 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtCreateSection, address_out = 0x771f9080 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtMapViewOfSection, address_out = 0x771f8e60 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76be64a0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFileA, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76be5f20 |
|
1 | |
| Get Address | c:\users\ciihmn~1\appdata\local\temp\nsma14e.tmp\system.dll | function = Int64Op, address_out = 0x1000180d |
|
2 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 5955600 |
|
1 | |
| Map | - | process_name = c:\users\ciihmn~1\appdata\local\temp\vworbzlbc.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x1eb0000 |
|
1 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = Ticks, time = 106796 |
|
4 | |
| Get Time | type = Ticks, time = 106828 |
|
4 | |
| Get Time | type = Ticks, time = 106968 |
|
6 | |
| Get Time | type = Ticks, time = 106984 |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
11 | |
| Get Info | type = Hardware Information |
|
1 |
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\users\ciihmn~1\appdata\local\temp\vworbzlbc.exe |
| Command Line | "C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe" |
| Initial Working Directory | C:\Users\CIIHMN~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:00:36, Reason: Child Process |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:47 |
| Information | Value |
|---|---|
| PID | 0xfe0 |
| Parent PID | 0xfac (c:\users\ciihmn~1\appdata\local\temp\vworbzlbc.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FE4
0x
FEC
0x
FFC
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Control Flow | #5: c:\users\ciihmn~1\appdata\local\temp\vworbzlbc.exe | 0xfb0 | os_tid = 0xfe4, address = 0x771faef0 |
|
1 |
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\ciihmnxmn6ps\appdata\roaming\vworbzlbc.exe | 155.80 KB (159535 bytes) |
MD5:
5da21af74810e3655bcbbe40660f21b8
SHA1: 60d60dff0d3af3b564e43bc87ef5a63ff6146da7 SHA256: c0ce6c2f03e3174d347eb2136a230883a725fcd5179221f61435ea709a2ba81f |
|
|
| c:\users\ciihmnxmn6ps\appdata\roaming\vworbzlbc.exe | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\public\ae09c984df6e74640b3271eadb5dd7c65fde806235b2cda478e0efa9129c09e7 | 1.00 KB (1026 bytes) |
MD5:
cc3e8d276fce51e4f88c1006b5dc008b
SHA1: 93d35f2df9917e7aaf340810564816c2c688c316 SHA256: a587adac0b3b0b4f0c3b840452be39769112f8b013ca28c494241c78ba627fc3 |
|
|
| c:\bootnxt..doc | 0.94 KB (960 bytes) |
MD5:
dd4c03d383fa84a8ccba73e0b34a26ca
SHA1: 7cda05877b6effc0ea603a0925322fde261c51bf SHA256: 2f1a8b66d168474c99923af0795a35c2cfe9386f64b8000fa24c6fa3402f8a90 |
|
|
| c:\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\public\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\public\videos\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\public\pictures\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\public\music\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\public\libraries\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\public\downloads\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\public\documents\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\public\desktop\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\public\accountpictures\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\default\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\videos\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\wyrssbqc98w\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\j-xye\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\nxloupbusenpl3p-\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\8klt4ds_wbyaiwwtj\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\ajr9qn-j2iqxfffeuvm\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\searches\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\saved games\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\pictures\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\pictures\saved pictures\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\pictures\rtevorrnw0ui5otj\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\pictures\kueb8-smvm\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\pictures\camera roll\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\v_voep\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\abvgeclaklpmc\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\6ghfbg6r\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\onedrive\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\music\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\tcotoe4f9fr69v\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\tfeyyxaopweg\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\hqhonebzzq6vve\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\links\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\favorites\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\favorites\links\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\downloads\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\documents\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\y1x8zqxci645d\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\wcamw\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\documents\outlook files\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\documents\onenote notebooks\my notebook\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\documents\my shapes\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\documents\my shapes\_private\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\documents\2xncn\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\users\ciihmnxmn6ps\desktop\read___me.html | 4.18 KB (4282 bytes) |
MD5:
1298ca6e188d639b1f38c31677bfcd95
SHA1: d4455bede93c9f5fc49fe0790534e41585f47c7e SHA256: 87031c0a223a7a6a7228926375922fbbe858883727395619dd8376afc91b9774 |
|
|
| c:\bootsect.bak..doc | 8.92 KB (9136 bytes) |
MD5:
351a1e2354f9c0ccd36e00b75bb50a18
SHA1: e19f9661239c4fc761385ea3f39b00c9c2c35cba SHA256: 6f8e024373a23c013124ae16c0e7b38f583e44a252860f4c8380de99a38a9904 |
|
|
| c:\users\desktop.ini..doc | 1.09 KB (1120 bytes) |
MD5:
03fa1e0ea94f96e88df614abbe0703b1
SHA1: 8b6bf3c2e93724a603abc372e772fd4c8a1a154b SHA256: 237e277cf6439d70c327f263cb443e4b9f23e1736ec5e38d7e9c5a7490626473 |
|
|
| c:\users\public\desktop.ini..doc | 1.09 KB (1120 bytes) |
MD5:
4557a99c5f04dd51e1c57f88eecabfd0
SHA1: 12b9d3fd9c7b25af9f6030245a9bc7b9a306cc6c SHA256: 87d3ef818691192276efef80fb2d80a1c3f14d4313fe59566429b9a45a62aa82 |
|
|
| c:\users\public\videos\desktop.ini..doc | 1.30 KB (1328 bytes) |
MD5:
912937c3c9a69c32211d4162d9199fbc
SHA1: 80e00a9c04a8cb36846da3917dcd095811cd586f SHA256: d2f030314ae9d645cb32763ac0b66125eb38d718a64fddc090376eeb540e07a9 |
|
|
| c:\users\public\pictures\desktop.ini..doc | 1.30 KB (1328 bytes) |
MD5:
84033410a1053c63dedc29d312a02fff
SHA1: a98610896d90d8323dc68135e79b714f585619b3 SHA256: 120db3e5232d5ac034a29d84bbc28e14b7fd08333b515574643d086152052dbd |
|
|
| c:\users\public\music\desktop.ini..doc | 1.30 KB (1328 bytes) |
MD5:
19df54bac0c5e64d04110ed7d79e8a14
SHA1: 3bc9092919086b28b62ee2e0ce7096b7e43a9934 SHA256: e7b4f0156e9e228454ba99d32e680487e680c7c7996cf48709ab54a2f42feb38 |
|
|
| c:\users\public\libraries\desktop.ini..doc | 1.09 KB (1120 bytes) |
MD5:
14f972c6f596015135491f8d195c6999
SHA1: aa46c370e3f5d5119f63168eef8c897f1947eece SHA256: 7d0f57e87e3fe8795d13be2e4f2cf9d4a2c15afab4aa58929dbd517077ae520e |
|
|
| c:\users\public\libraries\recordedtv.library-ms..doc | 1.91 KB (1952 bytes) |
MD5:
e36f7f7f6dc87e0af8a6b625daa9899a
SHA1: e846d09023adbf67887ee86e8a01b32f826d94ac SHA256: 48ae42aa9a9bd8731f6d7b5cac820121c4adacb024ba9e772d6738b0928b61d8 |
|
|
| c:\users\public\downloads\desktop.ini..doc | 1.09 KB (1120 bytes) |
MD5:
334326f2445576654b881ca75881a12a
SHA1: 2154f40bf4c4189c8d3e963b05c853e4f2df3b12 SHA256: 70b9f46cd1678b6200e585463d78b91d07ae8ca9f254590fe1d5ce152f6f770a |
|
|
| c:\users\public\documents\desktop.ini..doc | 1.20 KB (1232 bytes) |
MD5:
fb9580698701e27432647edd2d7eaac7
SHA1: 6781d39960831bab710c05f590166323646eb7da SHA256: acce99a2039dd0fe6a4256f06e4ef93d4585828d8394bbb4aa8a4eca014888bc |
|
|
| c:\users\public\desktop\acrobat reader dc.lnk..doc | 3.02 KB (3088 bytes) |
MD5:
8fdc81b4323f97687e071a50b5267496
SHA1: d36545d6fd09f7c2b574b68e120250347715a28d SHA256: ee9058e027d4eb75fc3f979f72db86413401287e4aa18d33e073aed1b1e8547d |
|
|
| c:\users\public\desktop\desktop.ini..doc | 1.09 KB (1120 bytes) |
MD5:
9dcef2ab01e7b4f41c0de6a3df60f5b4
SHA1: c685c2f13bbdc51b92da09c4382477e0aeec75af SHA256: f3f0ac0332a1aadae365c1b4afca95d14e4fb89d56a47ba7582ca72d40aa1cb9 |
|
|
| c:\users\public\desktop\google chrome.lnk..doc | 3.22 KB (3296 bytes) |
MD5:
5e48a236139104b9b82eeb16cb72e0ae
SHA1: 9b30a2145e9be12747754935fc14661731c1e125 SHA256: 19d7b1b55ce79827f37860f46180bddaaaf35dd465eb4daf3098638999ab4ab7 |
|
|
| c:\users\public\desktop\mozilla firefox.lnk..doc | 2.12 KB (2176 bytes) |
MD5:
ae617e94bd982a4ea563ede72ecdae37
SHA1: 0d82d70473b3bcd4d3b1f525f6d86f4e1795dce8 SHA256: 49d51bb8135ae652b9a764971120d484158e06f18efabf29543cd0d6676e57e8 |
|
|
| c:\users\public\accountpictures\desktop.ini..doc | 1.12 KB (1152 bytes) |
MD5:
efa39eb41053ff0a991c991975875bc0
SHA1: 5d2c35f8ad96ecda5cebb27ea0f8885656c1038e SHA256: 5c4d71bd487cd675b674e5774c8cf24bdf86a8dd5204ec75693ea5960d20e216 |
|
|
| c:\users\default\ntuser.dat..doc | 256.92 KB (263088 bytes) |
MD5:
d83dcac774dee521012189dc88cc3662
SHA1: 0ab64335840bacbf8cfcf5deaad8cd0ee9f853ff SHA256: 5dfdb0284b4c5a586857ba6ddf5ac921171130b346bca2ff034c47b7d3a68d47 |
|
|
| c:\users\default\ntuser.dat.log1..doc | 24.92 KB (25520 bytes) |
MD5:
9b22fc5462ac88989eac80428326c8b4
SHA1: de37ccf141aa88e2b36823c7f264dad2ef879d13 SHA256: 0bde45128964856c98d7e041a6f984193f5e2fef9f6e2bae2fece8b8f4dda676 |
|
|
| c:\users\default\ntuser.dat.log2..doc | 504.92 KB (517040 bytes) |
MD5:
0e555c1eade9bd288351ec55ece64351
SHA1: d8088abab0fa629c0a2ebd85b09495d004a55eef SHA256: 13e5d77a28442e6a35c101086e296861f4ea614b314da9d0fa7a9e098a8c7afc |
|
|
| c:\users\default\ntuser.dat{77a2c7ed-26f0-11e5-80da-e41d2d741090}.tm.blf..doc | 64.92 KB (66480 bytes) |
MD5:
57f5d78a1ec92fde51f041dc00d88054
SHA1: 014d993b9c714e98da5f6c99cd385ec74353784c SHA256: 79d7a87a7868d9fa9c931d396517e6cdcd3f7c6dc3c6ba5110693181eb03fc7d |
|
|
| c:\users\default\ntuser.dat{77a2c7ed-26f0-11e5-80da-e41d2d741090}.tmcontainer00000000000000000001.regtrans-ms..doc | 512.92 KB (525232 bytes) |
MD5:
48edec9d8fe3890abc8a341cf0a24a3a
SHA1: 9ec639610f86974fa0f04d099995ab77e3123dd3 SHA256: 2fa43cfae372a2f004aaee09c314d1641c334862115636da0aa35f5ede3c907c |
|
|
| c:\users\default\ntuser.dat{77a2c7ed-26f0-11e5-80da-e41d2d741090}.tmcontainer00000000000000000002.regtrans-ms..doc | 512.92 KB (525232 bytes) |
MD5:
57b2afe19de2c0e01e104353ce5c97c6
SHA1: dee459ee5a30f2ff682188a4d33e1c7ef200774b SHA256: 07ea3cf325f425abf86e54b86ec9924ea3c9d1cdc9f3abe1d0d4e4314d7212af |
|
|
| c:\users\ciihmnxmn6ps\ntuser.ini..doc | 0.95 KB (976 bytes) |
MD5:
1524c23e29ca650fee428d62e876b108
SHA1: 234adc81a95746aebf2e5f06f6fc63b13d3b814c SHA256: a9a2ad3c5c92a5dc415de2e8578ca9d214a958f7b46d8dcd988d4503cf9e546b |
|
|
| c:\users\ciihmnxmn6ps\videos\desktop.ini..doc | 1.42 KB (1456 bytes) |
MD5:
bd3d4d5eb25d64e78a8dc21a5b0ce4c8
SHA1: 5a860bd27a305d6e6af9b8d406836bcdbd0c3d46 SHA256: 874beff6a5c1aa61d7c49a25dc23a22eb7b0aecf5cb5b45b455afb0f9d8b52f9 |
|
|
| c:\users\ciihmnxmn6ps\videos\e2wasdx2n_.flv..doc | 19.16 KB (19616 bytes) |
MD5:
a6d96e199780925d81c91bb4fa149841
SHA1: 2f73ba8ed8f14895d10cd2ecdaebe16029c30df9 SHA256: 2f0627608232265a780eae15074fba5f7be01b0a4c5e41c0446e1d75fe69d9c8 |
|
|
| c:\users\ciihmnxmn6ps\videos\ibtwm8.mp4..doc | 61.77 KB (63250 bytes) |
MD5:
869d0badcf60e04ecc2b218ed188b179
SHA1: 6887e6ae6c26e10ef141116a800aaeb571cf40e6 SHA256: 172284c36a0ac87fb5c30ff25ae5f18efee95ac312fe773b22785c795ff3645b |
|
|
| c:\users\ciihmnxmn6ps\videos\ny17g87un.mkv..doc | 72.39 KB (74128 bytes) |
MD5:
c0d2b4ce573c4b64c6677f6bc37c7415
SHA1: 162bba83fbbfe53f338d365cb2b95e54cdf9bd5c SHA256: 79985aa176fd5b4a528a40efbfe9cecbd6cccf6c168123134e4b7566eaae05b4 |
|
|
| c:\users\ciihmnxmn6ps\videos\p1l10vzx4hd3-c.mp4..doc | 7.83 KB (8016 bytes) |
MD5:
c4fcb29035a817cc14f45304c4d2490e
SHA1: d37b16597503b5bc72dd20ed9b0061565bce7841 SHA256: 4c13bd5c2a840fe2698e48900d9e5a2d225018410104ab0739a6ee816197c36e |
|
|
| c:\users\ciihmnxmn6ps\videos\u8xibbuo9vcag.mkv..doc | 46.87 KB (47994 bytes) |
MD5:
ef5e1f614a58744f99a63faae1f07cbc
SHA1: ad87228795e5c5f35f0beecae9535607c3b6ad2e SHA256: 2f0538dcb5a3fc252bfb660e65f218f482491202bc4cbac19e7f295507c5d1d8 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cpccb0b.swf..doc | 14.47 KB (14819 bytes) |
MD5:
77c363aa0b79f3d0d3668d81ecb9141d
SHA1: a6617a5f0203ea9c75a3012cbae6ab87f497f31f SHA256: 0e02cfb29fea57bc04a3c47f50279cbcd2b82bc0c8e71d36413805de1c73bb6f |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\pgluhotas6kwmmfsdl.swf..doc | 63.94 KB (65471 bytes) |
MD5:
2ef50514bbdf5c1fb1d99df1003680e4
SHA1: f00a7c057ca940e40c09389e96080ff1d23300c2 SHA256: bc12ad5610ac4c5278903dd2afd1c8c66180a1c519ed54f4c998c8f45124de70 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\6e5-hpmrbs.mkv..doc | 10.94 KB (11200 bytes) |
MD5:
224edc872eacbcafe10cc214a8d8f606
SHA1: 44217fb10c26be8043cb8e1f8995a7a0616d948a SHA256: f88670028a1bc60e4b18741205e4d4a34f8cf076bc2a4d00e4c1e8b55619383f |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\6gwg.flv..doc | 97.88 KB (100224 bytes) |
MD5:
7727271b003ab118e5a7ee4f46935aa0
SHA1: 06f4b83bf0e1cd5fe9a338e2d436627c4f634555 SHA256: 6f53372a64e6aa4a87218501439ea4d762b340e2c876ed860b40d58d71b2dd92 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\gxfzekk51.mp4..doc | 84.05 KB (86064 bytes) |
MD5:
2c531982707a0d2bf59074d62157b4b4
SHA1: 2293b64dd2a55424b9324ee43e81126f8118e585 SHA256: 62dabff92059c12969278fa6d0cd937db0c421bc9bf2d03b1862760d83749382 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\li6eau1sqq2.mkv..doc | 97.64 KB (99984 bytes) |
MD5:
cc3026377aba30e4133e5fce0bb76937
SHA1: 157b1734ca63de36fba45139b374d21786bbc389 SHA256: 47e13837c48b5d49d11675d8e387e57504166d0957c68d17cb5a03cf591e5bd1 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\p17xszau6p5nex19v.mkv..doc | 78.21 KB (80088 bytes) |
MD5:
22b8453bc206080fbca0de949a9bff50
SHA1: a5dc55caddf3c00c8ebe8bd5c703256bad2da952 SHA256: 1600762b28cd5fd906eec2d17dfcaba6fdd1d47cedc7c3e0dca77645667eca43 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\qopwqzk.mkv..doc | 14.88 KB (15237 bytes) |
MD5:
0b1b91e03ccdf4eb9f73ee409be5e17c
SHA1: 9a0def13f02c4680d9bb499e406ee70049789591 SHA256: 09c06b2417d218510ae018c5572d9a6e473f7754f6ed606e960d4fe46bbc743d |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\u-mjrv.swf..doc | 24.67 KB (25264 bytes) |
MD5:
3349fa04afe142e3b99cd9812bdbd1e6
SHA1: 7236a7fc759079d2bb585a4965abbf117ec7b37f SHA256: 3d6909f8e1048412e03a1e0b5a7154a7d7a693b6e95840098229dad9f0637f20 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\wyrssbqc98w\jngbvbxt2te.flv..doc | 81.98 KB (83952 bytes) |
MD5:
16c7ee5f1fa526ac4802dc6b46685f2c
SHA1: 763d4427b0d6e6b2b7ba36516c8b98296b18aa92 SHA256: 307ecdb45c3220a1d9db865e5cd134b219525614fe2c5850504134fa0891b750 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\wyrssbqc98w\xfnky9jskllvnzza0q7k.swf..doc | 66.39 KB (67984 bytes) |
MD5:
8e55130411fb86e461cac2b1786353aa
SHA1: a5fc0bd86905e48f5f8ebb054463e4671f3213e0 SHA256: ba3d8c13f3de0bde5ed1a4154c9f8de820891a8234c49417577feb9e2bbdccd9 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\cn620-gsia4nyyycofj5.mkv..doc | 61.95 KB (63439 bytes) |
MD5:
94fbaa99139c9d10a02bfc36ac9de466
SHA1: bc138ad598b761a24e0d0013cf64d86dc4fc140e SHA256: b1e9c09cf2c3eabc1c4c394d756385daf0ed24b4c23a68d646b660fe6fea512d |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\tt_x88h6 pabcl7r-.swf..doc | 97.97 KB (100320 bytes) |
MD5:
710e3b7a9024eaab14b0f4ca641b75d9
SHA1: a10e5dab1ca75408740ce320a4ffa30703ff4855 SHA256: f967457c20a83bece1ff8ab326cc7b6354c8f5ca9d37daf0c9511e6a4665faeb |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\z5nygqlxcnl5cc-.avi..doc | 55.08 KB (56400 bytes) |
MD5:
aab7e0c401e157c1c2578244eefe5fab
SHA1: c238e5b64433873f13430a7d7210779ac149145b SHA256: 8364c334ff92f20ac6b24b1d8bf77b98421d16143a6edab55dc938b2a16743de |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\j-xye\4tnmmqdfquco23log.avi..doc | 67.50 KB (69120 bytes) |
MD5:
c3b8766fb80ddf42509e7f761928dc30
SHA1: b4d33f1cf53cecca4886ce8d2dc5e4db905c0a01 SHA256: 8e61c5186a0dfff841d34d4dedba3589455dc0f82dffb09b3a809403ebf5d29a |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\j-xye\9jzc.mp4..doc | 11.02 KB (11286 bytes) |
MD5:
4a6889191bccb24e074c8c8c38412edb
SHA1: f9b029cc2c1a8d832a6a3db9249ad9a536eb53ec SHA256: 2a526ea714599dcacb6bbbbbd4caba2866f483b2b8484a37a0855db68c9e19c0 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\j-xye\fwol9dbwif.flv..doc | 14.21 KB (14553 bytes) |
MD5:
7ca5c244029c3c8be3219c37cc5c6fa5
SHA1: df6bea5d708fb2afe2052673928401fd946d62af SHA256: 6face97dd1e3c6aef75551648680b05a670e34e8824462b68d627ccce635e418 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\j-xye\o8eem2rfs_my3eq9rg.mp4..doc | 78.65 KB (80536 bytes) |
MD5:
ba8ccb3fdcee2914c38bce0524e842b8
SHA1: 65e64716db0da062105d70ba2afa2ecff90fd9c2 SHA256: f8d7120d341931fbbcfa46124bd7192f7dbc2f10d5e7d6bc33eee61c5cfa052b |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\j-xye\s0d9d09esgnym8fvdwh.avi..doc | 10.59 KB (10840 bytes) |
MD5:
bd974c8625ad3b525bfcd5bc7ca38035
SHA1: cf8d51a8866500327d11a32696c56b6292be4561 SHA256: 19f5df5f700308b91eb93b30ea24fee2c5bc10f2a74a357b97d244d619871097 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\dindjpm.mp4..doc | 82.78 KB (84768 bytes) |
MD5:
4ae1c4e97f55af4e88994edcace7da04
SHA1: 3529e9ca4db6e2dde3252cb17311ffb48bff3801 SHA256: a777066c67f3326bd8de19d3d77345345d7ca1e7720329267caf479bc0368495 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\gppag7bkp9yd0gqxy.flv..doc | 80.18 KB (82107 bytes) |
MD5:
36950664f74e1b45f63a64ad3198c4c4
SHA1: 72fb97c7ca9c532b0d374e13d3edd23528b93230 SHA256: 1a2b8b094e6ad3f6a08229865269e08f1f6b7addfbdf0cc8eb5d2a812e97ac30 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\gx_wpidl1d.flv..doc | 73.41 KB (75175 bytes) |
MD5:
fc1b8206ef863f678da28ae60ff32324
SHA1: ac7999e33a532a057f2bc5c5002cce9139377fc1 SHA256: 1f314cf51e1aa8b12f451de8f0b25133200e20e8562e8c1e3cddf5305e91e0b0 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\nxloupbusenpl3p-\wnvoa3g9jp.avi..doc | 19.09 KB (19552 bytes) |
MD5:
a937f1f839db02afb42d1607d1ded6e0
SHA1: 3e0379560c88f8c49c9bf53d4a2567996f17b929 SHA256: 4f33edcf69278ac37b940a4eda0741af35ba6b54d261723c27518704e82676f2 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\8klt4ds_wbyaiwwtj\29fvawn e8kitezwwn.flv..doc | 65.27 KB (66832 bytes) |
MD5:
43ec61be6fd526095167936b71b9c80b
SHA1: e60eaf40ee03bb331bf4f80570e2f91048e553d4 SHA256: 2e6d24776764e1a69b4cf04bbe6938b2fce888d9e0a4d92086bb7c10ca2745d6 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\8klt4ds_wbyaiwwtj\a6mtdotp8ju.avi..doc | 61.77 KB (63255 bytes) |
MD5:
3608a2b7bad77eb62fa08acc7860790b
SHA1: 1fddce70e9c76b8e19e6a8cdddb037b93816aa9a SHA256: 4f570434413579e169995ce8070bf8d8532d0e6bb283e81e3a13d01889815f69 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\8klt4ds_wbyaiwwtj\ezsh9_u.flv..doc | 88.12 KB (90240 bytes) |
MD5:
9592d4228871918fe89dfd41f35f2519
SHA1: 576536644a6cd6cef1ebd34f0f61f6332396b24f SHA256: 7f449b69ec6e80ef67ef543350e12f2af51a60d7e5a3a89d404f822ac7c5ce8b |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\8klt4ds_wbyaiwwtj\waljyrb.swf..doc | 61.55 KB (63027 bytes) |
MD5:
9054674649197d9a0c4cff7331c123f4
SHA1: 9de74aa70b9160dcc0454a2b60cd84c6960635c6 SHA256: a4c07abb692ab47758373a5430088a0fdbc7a5328eaac1f0cf8f5d9439b9001d |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\auvu5oo_3gglwzkk.mp4..doc | 17.12 KB (17536 bytes) |
MD5:
59c24a41d3b59a62c2332684cdf7a2c9
SHA1: b3d8f3ba307b40c3d24350621282b6a707fee3d1 SHA256: 377ae13f6d315cb476f6b2e70531ee2b56e4b479b8afe2a0e4f7d50329c91673 |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\kmleb81ee9b5n1x.avi..doc | 35.66 KB (36512 bytes) |
MD5:
998056d7bb4782afc1fe5dd83831b349
SHA1: a0d8bdccfeb75d91c92c37ef9c8e27270ca66123 SHA256: e57bb617df558bf06851dbead8bb94a488a7d59f0585d9b6d303737e76212765 |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\nmno7w-y-y.swf..doc | 55.27 KB (56592 bytes) |
MD5:
afbc6aae9a38e174bba006c3eed12fb1
SHA1: 8e2afec244434d71356ce99f54eb2a060b186fd4 SHA256: d722f4cc88e9845f795364929d9a39dfe3dceeb94a6178c498d5fc984797d047 |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\ajr9qn-j2iqxfffeuvm\fvnqxqgywua5.swf..doc | 85.31 KB (87360 bytes) |
MD5:
08cf7a35d11c46ef9f2636134600a86d
SHA1: 2ca70859374af74b538e9d2dee9aa5c6f07076a4 SHA256: d7207d75687dcc2265408367f777e000e2ca602cc61940275efa6bc1dfbae30a |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\ajr9qn-j2iqxfffeuvm\inom_uv1i78k.avi..doc | 70.34 KB (72032 bytes) |
MD5:
3f0d9b18e92cddfe21eb116820e72a56
SHA1: 8f78ef7d1c1cc1458b83ac4f6f845449a9464bf9 SHA256: dd2ce7ba60461cb0302fc03576843773928d1fc4d13cf480ca79c2b516825a3d |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\ajr9qn-j2iqxfffeuvm\l6wybm_d_r_.mp4..doc | 61.95 KB (63433 bytes) |
MD5:
df53e775ef95e9d4c47ff79c72935cc1
SHA1: 53ed9157075b7aa18ee2abec0419a623c4acd2a5 SHA256: 58c9eb8125df9d1653c419f73e3dc5d0528682a8bd74a47209ba75802c678fd6 |
|
|
| c:\users\ciihmnxmn6ps\searches\desktop.ini..doc | 1.44 KB (1472 bytes) |
MD5:
c4c1f7faeaa84afea0455e3ad7466095
SHA1: f53b0cc38d4f8c6b30926e357e63d6cbe5d5166b SHA256: 7fc129f00a30303e0fae704350f13d9534be76909e6961261677e3b75d960a80 |
|
|
| c:\users\ciihmnxmn6ps\searches\everywhere.search-ms..doc | 1.17 KB (1200 bytes) |
MD5:
67a89b1d4df7926bb1282fa543e092f0
SHA1: db060cce54618b30a81ef32e3ab32413cc98df51 SHA256: 0f7ad004fc0f95aea113801039197f9c33c45f1953356bb603ab97c109396cd3 |
|
|
| c:\users\ciihmnxmn6ps\searches\indexed locations.search-ms..doc | 1.17 KB (1200 bytes) |
MD5:
9f661fc1d668f3df14e769547e7beee1
SHA1: c7fc75a79d8556a2c8862f39a7bd13df6d800be1 SHA256: e81325733aa1be43630ecd9a9cba0cc6e69b9bf71ac8262233e05e8500eb5cdc |
|
|
| c:\users\ciihmnxmn6ps\saved games\desktop.ini..doc | 1.20 KB (1232 bytes) |
MD5:
d2c3bc6c2e874a4e62d5752742d6a26c
SHA1: fca1d2e592d8698781d386f7ce2d310384c5853f SHA256: 2268250d88125d513d73334d7ecfd5c0ec075c5639646ac99e17bf8220e96c67 |
|
|
| c:\users\ciihmnxmn6ps\pictures\0hk3ferwlwmdegnqx0.gif..doc | 25.31 KB (25917 bytes) |
MD5:
ac9f3f9c26338af80c9ba05a1b5f64b0
SHA1: e43e831e8a6648909cc0480f02a6a1423f148ca2 SHA256: d2688170b4418761121d914e2c7573fbbe6b326b9544be772c99d3ae547efbe1 |
|
|
| c:\users\ciihmnxmn6ps\pictures\7qdjrw-yomo-k-z7n.jpg..doc | 7.11 KB (7280 bytes) |
MD5:
2dbb0b4cb0b8acf258f575c13848af0c
SHA1: 4a2c061fc5e340860ab6b2f16d5f2ad1d62e2e82 SHA256: e6dfb245a478614c79c30c89345670b51f6182c37bccc7ce258d19076ebc8d4c |
|
|
| c:\users\ciihmnxmn6ps\pictures\desktop.ini..doc | 1.42 KB (1456 bytes) |
MD5:
3dbf9c15339199ca1e20853ace4b31d4
SHA1: c9b06d0f911c553a516f1e3066fcd1f3af08a473 SHA256: 4d8b6c410fde466c6a91419bd42ff117b20a0142ecbf655f2b5c7e18e2b30157 |
|
|
| c:\users\ciihmnxmn6ps\pictures\h7trdzq_5g.jpg..doc | 23.78 KB (24352 bytes) |
MD5:
7caf7deb64e49cce7593c857445d9707
SHA1: 8245ac00ca2d1977b65a96d15aa601001ff58199 SHA256: 6bdc520d1fa0813a5849e335f463903b59082bbac8a66c5143c26cd9b539fcb9 |
|
|
| c:\users\ciihmnxmn6ps\pictures\qrw9a sahnuzyrbroxd.png..doc | 51.44 KB (52672 bytes) |
MD5:
bef17db6f8008201e2eee7fd8215e509
SHA1: ca910c5addc99824de22d683676ab0e7bbd0c802 SHA256: 6255803a4dd36fa4b6b32c5152151fb9414794203bcd7b676c79d12731a1cb03 |
|
|
| c:\users\ciihmnxmn6ps\pictures\qtvkcwkzzwibwteiqbm.jpg..doc | 84.81 KB (86848 bytes) |
MD5:
6221a08d21072faca2c26a7097305663
SHA1: 339bdab658b3cee4b1dfbd555d67b97fa002a177 SHA256: f5ff60ac82babbb8ea59c7690f6ed00abbd182317eef555b0864a53b2e802b3d |
|
|
| c:\users\ciihmnxmn6ps\pictures\th8eu.jpg..doc | 62.93 KB (64444 bytes) |
MD5:
cb536c6ba05ad084eff49534b411798c
SHA1: 791af3ac7e44f90ef0aa93c3c6aed09210b47f19 SHA256: 616f462f32179ebad3ccc620412868de4ff8653e13f2a0f3407afc4c3d4707d1 |
|
|
| c:\users\ciihmnxmn6ps\pictures\xphr2tjjz.gif..doc | 88.89 KB (91024 bytes) |
MD5:
6ffd4e7f9b56f035a66f15814759b63a
SHA1: 2b1d5c41a36841dce08c429493aa8041277a6029 SHA256: 3271d5f78d0e0a9d15c4c0434ae1beaab48fdbe953f649d7be9dfae66fce2f7c |
|
|
| c:\users\ciihmnxmn6ps\pictures\saved pictures\desktop.ini..doc | 1.11 KB (1136 bytes) |
MD5:
b0d042871f93477b4b37c70d7629837d
SHA1: 66ef0c636edc9f29d4ccf63034dc37e8ebf88ec4 SHA256: af01d088ccd7258d620311b66d6308413f9a5b618df0a162b66461913890d241 |
|
|
| c:\users\ciihmnxmn6ps\pictures\rtevorrnw0ui5otj\-9fnhcfha2.png..doc | 26.58 KB (27223 bytes) |
MD5:
a8594fdd545b6bb17c417f4873165714
SHA1: a886b4e80fd4f7e4e1c6f891c045b38ab0997118 SHA256: 748f2bbfb8824b5e10ae6479c549f6f69647d25377479cf85b58529ddbae894f |
|
|
| c:\users\ciihmnxmn6ps\pictures\rtevorrnw0ui5otj\9xuhi63.bmp..doc | 52.25 KB (53504 bytes) |
MD5:
cba8de21ea1a126cfdc94024e40f0f55
SHA1: 46e1f7efd4a53808d430e12adfd8728f315abd60 SHA256: f4d65c1671191464475c8d6c7f61bf0d8fe07be14bbb27977cc3670f0612445f |
|
|
| c:\users\ciihmnxmn6ps\pictures\rtevorrnw0ui5otj\hkqhg.png..doc | 53.72 KB (55008 bytes) |
MD5:
12d9125b7719dd59f98119fcb76c7cde
SHA1: 982c5debeded46dfe4e4a251971702301159bbca SHA256: 046e39766f992c5785cc76142a09abe4fd9b305a4a0e0140a6c8370b455740f3 |
|
|
| c:\users\ciihmnxmn6ps\pictures\rtevorrnw0ui5otj\qhasofurdpjwbi.gif..doc | 96.34 KB (98657 bytes) |
MD5:
30578e80f0a80370a8c6d465f0b1a195
SHA1: 6b3b47784a3652ac50e44ac130d71389ea8a1e0e SHA256: b930acfbd9d9b5cef9f2e53d1c84765da1a6990c42e78fe247e944fc3df4caa5 |
|
|
| c:\users\ciihmnxmn6ps\pictures\rtevorrnw0ui5otj\x1b_.bmp..doc | 36.02 KB (36880 bytes) |
MD5:
5b0b91210560fe6519b94a7b619c691e
SHA1: f0db99e5d5cfc01b857635cd9a84645f36ddd0df SHA256: 9c64bffd9d021a4292cc55882a66fe3c6b7b7f4288fe1fba6603618de6168d0f |
|
|
| c:\users\ciihmnxmn6ps\pictures\kueb8-smvm\as7lziutzivnqsdmixnj.jpg..doc | 35.67 KB (36528 bytes) |
MD5:
5e79772c1bf60f453460c5abc32d5257
SHA1: d040eccbbb921c559a00c81c2c9ef27f7a858bc4 SHA256: 52e64a74db7f147f4477d73874694bbdc93daf35f83e04fdefd806236b6098b3 |
|
|
| c:\users\ciihmnxmn6ps\pictures\kueb8-smvm\d_fv7 prsx.jpg..doc | 32.87 KB (33655 bytes) |
MD5:
0539fa8eac70342f38f39a2aff0b53b9
SHA1: a798f721381034bebe68604bdbe2a66366a29705 SHA256: 94e9f7d040b6f5608c78adbae3b61bd895e3b49e7edc0f97b227d620aa2eeb47 |
|
|
| c:\users\ciihmnxmn6ps\pictures\kueb8-smvm\kovnpdmyrl.png..doc | 46.53 KB (47647 bytes) |
MD5:
53ba80cd0472f0698fd1aae0d73ae925
SHA1: 9015b1b9c7d81a959e33946dbc4bc036cc7a4457 SHA256: 48f027c9baf7222c23df41960d3780f75b4f169640f35b92be2cd2651c96a3ce |
|
|
| c:\users\ciihmnxmn6ps\pictures\kueb8-smvm\ugmctukfcxobe.png..doc | 93.83 KB (96079 bytes) |
MD5:
077d2fac723f1cbd3d6bdfc1fcccc4b7
SHA1: c97904a3ff6a9e73ad38051e05e87decaba9a221 SHA256: 7d919692580b8bd577a1360c5506249a580d1ffb78bc03f2cc07ed3f6a7e4f9f |
|
|
| c:\users\ciihmnxmn6ps\pictures\kueb8-smvm\ulsdcvkqeuxlv ur2xy.jpg..doc | 45.66 KB (46756 bytes) |
MD5:
ff38a4f3373f37969a54c7ceb6223b9c
SHA1: 22ddf8d15fc919b28ac880548c7fbf0d4b8aadb5 SHA256: de26b309e0ba1723040055c01ca175326fdb25658c5d4f2678435b16772834b7 |
|
|
| c:\users\ciihmnxmn6ps\pictures\camera roll\desktop.ini..doc | 1.11 KB (1136 bytes) |
MD5:
5cca10bd6c111274005acf6f8db9d76b
SHA1: 8ab4945701ba3219e2ffdb58726d345c4dd79d48 SHA256: bd7dadad415f1e07336a09ada99a12632c47dcf7fb5a6de72ab9eaa5044856ef |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\3kc4ze4gwjhznr0zwjv.png..doc | 62.26 KB (63753 bytes) |
MD5:
e91fcc5a22a514f23ab756ab8e965e88
SHA1: 50d754005ca12f35030bb9fba64998c17f460fa7 SHA256: d05103743b01d72da17f90cf0c1216ca7a9e01164df05337456444675c02b070 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\8fsdui62a 2pmyacyjt0.jpg..doc | 12.04 KB (12325 bytes) |
MD5:
af89d4843dfef53adccc8dc0ef2a8934
SHA1: ba1d212d9e0133221334f84effe4ede67597d01d SHA256: 1131be65c1eba551c686f4ddbf5edd84f43f0b8720513530dea691e502479026 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\9n-4.jpg..doc | 17.16 KB (17568 bytes) |
MD5:
97f431bcdb02fb152c69f0fe02419e3a
SHA1: fd31cbdc91fa71fb9f18e29dd506905f0d5ea307 SHA256: 760a7a2b099cc37d79aca7c4a44fdb8a970d0224b4f69ba64fe2f3f0bf797eb2 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\baym9st _guc-pmf1k-.gif..doc | 87.47 KB (89568 bytes) |
MD5:
d7bf4fbff69ac4313be002d49c76f39c
SHA1: 79effbc7a1827648436550239433a1bed1ac4f69 SHA256: 1674d71148be864775ed3c1c68f6b6ade5ad27d3abc77314c90e6c00a5df3a51 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\dy4knw.jpg..doc | 24.47 KB (25056 bytes) |
MD5:
542c2e3411ca3a681549cc1a98856d67
SHA1: 01408887f8b4fca7dcf925b8245e4c15a2515a96 SHA256: 58b689bb52fd767c33954049f14b10c91a6a5e148eb8104127d0161ad3a94b62 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\gfe4.gif..doc | 42.67 KB (43699 bytes) |
MD5:
77fd1a6a20182d86d798362c119dc482
SHA1: 2219754d4bd725d44bf411c526c41480bc120186 SHA256: 1b378dd060e864fec50e1db866c4ecd212f948212c33fe804da903e8c2afb62a |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\l6xswm755meyjgkn.jpg..doc | 32.89 KB (33679 bytes) |
MD5:
599d1503d5df5884c705682574796908
SHA1: 67d2f2dbdd9e52832ee21483d65b390ca534c5a9 SHA256: 54081f08d706f60074bdef6e7f8d10c61d2a80af9c9ba8378c7c2113ac986d44 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\olgvhwydqyi0lakbu.jpg..doc | 62.46 KB (63956 bytes) |
MD5:
bc53f8db3d2219662d16428f33bc9c3d
SHA1: 42a4788a39c115d40c18c403c17c08927ffee412 SHA256: 5ebb588dec0ad24e05480a2eae6bdbd0ad2650eb2b6e1447587cb65aab269859 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\rjzgheo.jpg..doc | 72.53 KB (74272 bytes) |
MD5:
4011b193c3ea477cbdb7878b5e6e4ace
SHA1: e365174a03247c97fc9ee07248498d3f860b80a0 SHA256: ebe9f6bcf0406f51ec1360024a0baf809abfc4cfa9c8f54e2acf6545eca4a6fa |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\v_voep\5b opcyk dpcoz.jpg..doc | 66.06 KB (67648 bytes) |
MD5:
bf95a5b5530da4c567c457a7405ebb09
SHA1: 62aa0ee530b1684ac4a3308d1a226c8a2b999a45 SHA256: 975f8a21e4602b9515be89d331d38b1155f9259adc53e09f3e47707f91236b48 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\v_voep\epxxkihhqhnuu6fk.png..doc | 99.48 KB (101872 bytes) |
MD5:
4c7f676d50a765b1c881721991fe70a9
SHA1: ff225983c83fdeac6d24e00bc28690dd9ebc0d23 SHA256: cfecb0949cb1b424b3b14aade255d501e8960e263d3a5311e896ed045f6374ab |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\v_voep\ptut.png..doc | 7.81 KB (8000 bytes) |
MD5:
5ff39262daafd22d49661e9bbb4937fe
SHA1: cc287a3da490d7e841759a957fdec13e4cd82e2a SHA256: 796c0c58d34b7be60b69345a52494b8f3ff6261ae18323719503e17a125350f4 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\abvgeclaklpmc\-5ln7dorug9.png..doc | 46.25 KB (47358 bytes) |
MD5:
928d739af09a9f89057dbc12faeb53c2
SHA1: f35051ec0f0ee9850b1defa2e76b16027bb25166 SHA256: 1a1169bfb1d5c2c7dc22af9cf6bd0745973a62b94c2b415598c747335a0996a7 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\abvgeclaklpmc\f0xhzrypqok3ky78oshs.png..doc | 46.20 KB (47307 bytes) |
MD5:
1ab1ac77b6519d6d5e64284749dcb175
SHA1: 2cabfec4627b0f99dc431fc378822716385c6030 SHA256: 00765bc7e24a8493a7d6b86414551b3ba60a33561f631a3623b61aea3c578696 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\abvgeclaklpmc\i39wbfumyp6nr8z.bmp..doc | 91.08 KB (93263 bytes) |
MD5:
b44ff50eb8a7d805974b9d748c93fb52
SHA1: 7c511012208b5d52b8610795bc4519f2ada50ab2 SHA256: ef5a76511fdbdd3bee2f4d07fad1cf1a1a805be55af41705faa2daa9daa51996 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\abvgeclaklpmc\mazf5-.bmp..doc | 37.14 KB (38032 bytes) |
MD5:
f0bf7f7c785877b62a459ffb5e32ebe5
SHA1: 2535230322be3bc8a95c223aed64435dfead5cc6 SHA256: 118fb7d5ede3c8190d5bb77935b2e3dd7026a03279099e7cdb00b1ff89b374c2 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\abvgeclaklpmc\tlhdeof6pkj-_rumjy.png..doc | 100.17 KB (102576 bytes) |
MD5:
04b3c7e69561c2888e7a5b84ab9f6d59
SHA1: e8a412c9f56fbe883167bd6ead7bfbd42fe9d44f SHA256: d87875105600cd1c0aace4d8bf777135cc51328c22b204a295090c9a68e6bb7e |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\abvgeclaklpmc\tq6halxmym.jpg..doc | 39.80 KB (40752 bytes) |
MD5:
786713f927ab73bf30c7519cbc9a0544
SHA1: 75676b5f9d301b1e37d5c1dc2ee5e82cb9ef5045 SHA256: 4be5ad07ac1aa15652184451374b3b874826fb2d72643211aab4b92a94f8aaed |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\6ghfbg6r\ydgp6n.jpg..doc | 29.31 KB (30010 bytes) |
MD5:
f9684a45f6842e4b1cc3d62a8aca8d0c
SHA1: dcb6b5f5d6420e92473415630a11c074c865fb1d SHA256: d5d0e1ac0f2c1b53ffab0344f4f54556ee059759fa7e64d61a8f952daa9458a2 |
|
|
| c:\users\ciihmnxmn6ps\onedrive\desktop.ini..doc | 1.03 KB (1056 bytes) |
MD5:
0072fd5678c831e896556403c9a56dc5
SHA1: e5f5c7cf7b6d6e5ae349dfb6fb2f02f95130a79c SHA256: cc05acaabf026ed6bcd29908ae5079735617583855e4fd6557d8e310154af02e |
|
|
| c:\users\ciihmnxmn6ps\music\-gv6hl.mp3..doc | 5.81 KB (5952 bytes) |
MD5:
2c90f23fd3114719e5dbaa82caa89f90
SHA1: 250d53eaf9025c4559cdaad0b27f7ed435f1a782 SHA256: ebb0613399cc729b99177b5ebec4f245500a6e66ab9a052f92910d6937d6f691 |
|
|
| c:\users\ciihmnxmn6ps\music\a7bhmqqgp.wav..doc | 32.09 KB (32862 bytes) |
MD5:
b0fa6eab862c042066dc38fad71cabef
SHA1: 7d348ab645d083ceed008810414fa7ef7a44e201 SHA256: 4fef77b6c8e7f4996e016a4e24c274e0000ee2e3f7efd1035b233bef8ab84ed4 |
|
|
| c:\users\ciihmnxmn6ps\music\desktop.ini..doc | 1.42 KB (1456 bytes) |
MD5:
c97099a5ebbc80d50d309d865880682c
SHA1: 4ca5f47e27d62693879f719b542b2904b0563b56 SHA256: ad3c0c99182392975db23272978191ff9571c70e703c03a405338a777fc58be2 |
|
|
| c:\users\ciihmnxmn6ps\music\fgplqzx t.wav..doc | 93.08 KB (95312 bytes) |
MD5:
0c76019d1dd59733e76144c42f6bab95
SHA1: dc9544ecd70bbde7a47e1c8e0566a7cd56a77d93 SHA256: b58d31ec4f4db1e03b94ed836f0da1d41d8e7372525d6496b5ebfd8e132bafb9 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\dckf.m4a..doc | 29.11 KB (29808 bytes) |
MD5:
b007a5506f60a4dd110bacf3020a385f
SHA1: 293f8367e9af5a7fdc6c0236488f35e37d4efe47 SHA256: 553dbc1b733af0c76ef0c3f3c7e922952243f6369c0d1ad8466168573233207e |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\dsupk7zl9jc7_qd.wav..doc | 21.19 KB (21696 bytes) |
MD5:
e4093144803c7ad006ee5d2eae5cf5b7
SHA1: 1b5493aa25f317782189d937ad5ad82a9559a407 SHA256: 7b515183cebe5db526924ac367d388c1b837ab659c206cd5b099496a656cc2a8 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ippvcsepbfwdelc.mp3..doc | 70.28 KB (71968 bytes) |
MD5:
f0ea0deefa136587fc6a510b1395a251
SHA1: 368a7817564586557f049a96d4f24a32ddb462c7 SHA256: b8044b5eda6fbb828bddf30c03b8139cb8305c0d586d4b85f6e609ccc082259b |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ozuwudusfqn.m4a..doc | 32.79 KB (33572 bytes) |
MD5:
f27d09d9b1f2a01da155b43943031bca
SHA1: bba3aabb49cc0b4117c0b02e9cbfbe2aba2928f6 SHA256: ad5581fbde71925b779c79b29baa5e2c9979765981b5bfd5a363769352d45b4e |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\vnzuuijun.m4a..doc | 87.66 KB (89760 bytes) |
MD5:
ac7657ac37ab2dad3dede5f0bb1907d1
SHA1: e78532985ce0a17447226d5d6529395226052e9e SHA256: 7dec2fd091ed96b53bdb35ba628a2e527e75c675c448c52eb05cc1f1f8709102 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\1fc6vhdhwaiuxr.m4a..doc | 49.75 KB (50944 bytes) |
MD5:
6357bc54149cba544428784c0433f230
SHA1: bcd5d2cae4b888848a90ca8a63b37c4c2050c095 SHA256: abdb19f2f52b16492433c58b4f3f92079aaeac3298aed2feadeaa188e07db67b |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\d0i5ilhq2cc66s_ealg.m4a..doc | 95.12 KB (97408 bytes) |
MD5:
58feeb6c0a8d6b8c0ff50d78f28885e2
SHA1: 9cbbc6031e6808017669df470bb7a2e63f519f5f SHA256: 608c971dfc4e0319f8e435d89976c085c51bbcfe137b7b7960a0fa7c2d5897b4 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\esxi.mp3..doc | 80.34 KB (82270 bytes) |
MD5:
733585550054dc6ed95b4ec83420b6f0
SHA1: aee3d0171814ba4e53f0868835b27937873dc417 SHA256: 1343c6dcadfb0d04b39cf0260b68f5ab7b4dabbff0ee7c9fd5efd9b6c3932b40 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\ew3rsnw.mp3..doc | 47.32 KB (48455 bytes) |
MD5:
41e5deb048024ef38b94630c5223d365
SHA1: 76cb14460a77226515cac081e58ba731df533f49 SHA256: 2069c416c8c16ce33d9b02a204f4194825afec85e895221cf0cafe7e7e8655e7 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\i42jovpae6wr.m4a..doc | 32.44 KB (33215 bytes) |
MD5:
0fb34c7d0f053d21d608b8ea277b28c9
SHA1: 90d40ce6670dce890cd09d346d68589b5b03ea9c SHA256: a6f18da0473a435fd9b31667fa1ebe8e5db1d75f7f44ce1b50a7c7bc9cfe11a0 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\k4en3jl_.m4a..doc | 77.11 KB (78963 bytes) |
MD5:
fc490dee92d7ba28af2adb66db5aca54
SHA1: 0d53566be4a391be7fd715af4f31941e4734803c SHA256: d17ed4b8b9c6579694c17462c1f333a4e22b46a4295a3371e3574098cd62a4af |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\oc7nraysldll.mp3..doc | 13.47 KB (13797 bytes) |
MD5:
5d845b1ddf14fd713ba167b947d98559
SHA1: 50c9348cb4ef95a6400be8c1a87e9d15ee4c805e SHA256: 4fe8205178e31f39942f682e989f0b38661366393ee36e9dc259474709c46f13 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\605wo0ig7rv 5gkzsb.mp3..doc | 100.14 KB (102544 bytes) |
MD5:
92d8cb8ebee0bb258d0ff45bba2bb6b7
SHA1: db1c51175b3e42a1fd0f2adecaf54c364c036438 SHA256: b6077ff7a2a3ba47b36a1db551aaa36cb0d2e47f679429bf0550b60bd3429903 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\m1rlmk2akfhdrfd.m4a..doc | 28.71 KB (29400 bytes) |
MD5:
a04e323349b77ad51775718d94d07295
SHA1: 5ced5c633cd764396f3a66ebb33d70580c85d05f SHA256: 3452a2c547fa86a8458aef3b7df4401e93e4881d2d4ac252d3a78997baacca2e |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\pgszj43skzy.wav..doc | 75.50 KB (77311 bytes) |
MD5:
b00326eb8d130047caf56c0246925ae6
SHA1: 9eb3ce342b9865c336423eb839a1ae6568e87c31 SHA256: 6e315628f59f2919f8329c624e822f963db94a8c92a5316a6509b5922ec13ce0 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\yx7ef.m4a..doc | 79.60 KB (81512 bytes) |
MD5:
8d82a8ffae788d669b9ddcb04b39e04b
SHA1: c24f5f84cf5b6027643abdb0b74cd3285f2c3507 SHA256: addfb6544509b015e79c673160ee3a6a393fe52ed68c442f13f37c7d811a1339 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\tcotoe4f9fr69v\lce5uuov6td.m4a..doc | 65.59 KB (67168 bytes) |
MD5:
21afe0d57dab129e4eeb2e0f8e9e09dc
SHA1: b2ae5640ce2ca2aa9d3cba017b0dba6fa76da4a1 SHA256: 7b699621de7ead27680c2377132ad87d45f5d012aefddf3e1d5c8047f5bfa917 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\tcotoe4f9fr69v\vapnw9bykw_hbbp.mp3..doc | 33.61 KB (34416 bytes) |
MD5:
aaafcd348ec71e590e2674469356ab02
SHA1: 259d3d85b41f3dffbd7a4ce1fdc551d2e574bc05 SHA256: 91469c74b9970b2e4165a35e9ffcaefd5436e46e62aae2f9cd28239595240a08 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\tcotoe4f9fr69v\x9tnf17hn1x0_ekcrc.mp3..doc | 28.24 KB (28919 bytes) |
MD5:
4b8778a5461ddfcf01ea1ffa74ea30da
SHA1: 3e638590c658fe9271f7477afe57ac074206fc65 SHA256: 16cbb794377ac9e0e71a9f831909d91f264fbd8422c7bcec1abbf2eaea76f31d |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\tfeyyxaopweg\jfdazs.mp3..doc | 5.50 KB (5632 bytes) |
MD5:
bc1906627c022794f5083fa1e9d4e445
SHA1: ef5af09875614c367f09e0dc4e64ba5f42b108a5 SHA256: 535dc7348f9508a832322bae74043c27fd59e5a4599414213f0b8a2cc3b8bcbe |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\tfeyyxaopweg\pm7otm.m4a..doc | 14.89 KB (15248 bytes) |
MD5:
0742e8a807ed2e32afa17686ec6dc692
SHA1: 374f1e1b03d2823d1ff6ed9b88bc358e4fb4ffe1 SHA256: e9bb179e71217f4746c63941d9a67f59bbe38ce7de4a4915e5e85698f1713001 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\e 0yavcuvr4xtgj0s.m4a..doc | 62.65 KB (64152 bytes) |
MD5:
6f6e2ecf0db7360f0afa5728831559b0
SHA1: 78712f3c9015a24e34501d4c8ae43ee5d8c8e0eb SHA256: 45c7f50ca9507476362466b3479653a594b24af40b6f24a50c80f8c6ba341e36 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\i30gioixb.mp3..doc | 60.54 KB (61997 bytes) |
MD5:
c9bb8b82d67c18188946bcede0643e96
SHA1: 4f6d8b6496fa017b30da91e5458de9793087710a SHA256: 153ddd4d181120b7dd545a44dad7dd2c4be1cff9c5889dd29b13db6e55e12aff |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\ikm7 z01-mol8cw-v67.mp3..doc | 61.00 KB (62468 bytes) |
MD5:
ab1d36c557cd637ebc23b477c76d6c1a
SHA1: 86233756e704378370f81a345f646e9ff955ea88 SHA256: aac3772f64ce5e546a77ed492e4ac3ed20ffb62400871d1c062f40ed6d2c5f82 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\mrwbv.wav..doc | 42.81 KB (43842 bytes) |
MD5:
427a283595977e77ae73ff64ca7f54fb
SHA1: b201e0f59f05cdaae03c84ec51a47080c5e0084c SHA256: 3d30b015795eb0cfeb5d510679701fa0ba997a347999d9fc535f83e38d3914c6 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\ppqizb7pszmep.m4a..doc | 50.16 KB (51360 bytes) |
MD5:
3a3a2f0cf688051867da1a102a06bf4c
SHA1: e558e3eefb5a2fe5b3ba3aa19ed33f932b3fd77c SHA256: 8b24602303558287d88743d316d682a4638f2f25f6ba91ba7eba107f102b7675 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\vm4enrsiqigsp.m4a..doc | 67.42 KB (69040 bytes) |
MD5:
0bae79acdbfa8768050dd71671578cd6
SHA1: e493c273c9500815c8a7cbe630507bc38e30b639 SHA256: b3aa9d9dfd8b5b072e3b35068e58a2853b4fa93d2c1797b6bc8567ab1344f63b |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\hqhonebzzq6vve\9qybl5jzyjkpk.mp3..doc | 94.48 KB (96752 bytes) |
MD5:
36ec66301c50b899fb4f26e0d6e0096d
SHA1: 307327956ec1124c4a945ad175779eb637d7bd58 SHA256: 6c313dd4858f47d61d0a618aebf65e98c2a06d649ba347f282bce38cbc282f31 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\hqhonebzzq6vve\boyhfub.m4a..doc | 89.81 KB (91962 bytes) |
MD5:
fcc60f00f0c916574574f596403c98a2
SHA1: 07666e5cb6475230aef594bb9c3993a3d0117471 SHA256: 387ed2ea2731052e631ef943a0d609ad3b346a1865fe6a877131db0bc91ed1c3 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\hqhonebzzq6vve\cm_emr.mp3..doc | 60.42 KB (61871 bytes) |
MD5:
da1f34ad32348d864a69f3f26fd74705
SHA1: cc5a7e3f8c17d2a7dacd3624d82b40ac2f894ac9 SHA256: f145082df5097586bb5dd25e14a361d621d77bd14c4e174c7e5bb8c99aa39f8e |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\hqhonebzzq6vve\mzvj-71fzcsc6i.m4a..doc | 25.04 KB (25645 bytes) |
MD5:
f68b9e595fa1d2cfe074d3329b315ecd
SHA1: 04de33073d4f6bd653be579c0d3a019b28d3296d SHA256: 3bf2e46f349980e193421664cf4d4accfe28c49e48ef596653ef89fc868b9da6 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\hqhonebzzq6vve\sjwerqq.wav..doc | 40.16 KB (41120 bytes) |
MD5:
14d4489a821158afbfa5116dc33aae69
SHA1: 7349f59264588f812d16dc0e2397b085c93f9325 SHA256: dfda495f4b70c219bee2b8b857e1c9e64e45908b33cc5fb6d709119151b986c1 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\hqhonebzzq6vve\tnvqh.wav..doc | 49.55 KB (50736 bytes) |
MD5:
c63fb19280568181cd7e597a7a843798
SHA1: 9ee6383f3e92cd745049320943b92e561e6b8d7a SHA256: cae05315fcc1cdc50661b05daff39e3747ab024a6781abf2243405faf1a100aa |
|
|
| c:\users\ciihmnxmn6ps\links\desktop.ini..doc | 1.42 KB (1456 bytes) |
MD5:
2dd61f65d7d549f0564ae374b7bdc10d
SHA1: a7d6c597f67bedbce0b7d4843a274574e9f14ebe SHA256: 4a5b08ec17f9054b0cbb823f51431fc0ee45bcd530e1ede13945052efce215af |
|
|
| c:\users\ciihmnxmn6ps\links\desktop.lnk..doc | 1.44 KB (1472 bytes) |
MD5:
3effda9243388de22d1e73b186f14b2f
SHA1: 78a35bb209ef9c18c5ece7ab4a5ad5781af10778 SHA256: 7bec962c747e54009967b6bd6455e40f6829ffa9a22ceccce2ba579de2653e83 |
|
|
| c:\users\ciihmnxmn6ps\links\downloads.lnk..doc | 1.88 KB (1920 bytes) |
MD5:
e46c1d25aa5c77c12544f777a3ad0719
SHA1: 4ad79b7925cafafd4a800e09153f86bedbfbe8a4 SHA256: 453a1c16eb3ae9f01e75204f4b3083732bd08300dc300d82c639ab28d2489c9a |
|
|
| c:\users\ciihmnxmn6ps\links\onedrive.lnk..doc | 1.95 KB (2000 bytes) |
MD5:
ac1a60a4a24598311023a14e20d6bbc2
SHA1: 16c74278447505ba6d7f7015a7eb983f813f4c9a SHA256: a19711d62c877ad3ad615a4fb309515593f5bb480949debdf070a8dd1158a4b2 |
|
|
| c:\users\ciihmnxmn6ps\favorites\bing.url..doc | 1.12 KB (1152 bytes) |
MD5:
c502ca9fdbec3f60dc8b4a0f8c82f0c3
SHA1: 407b56722ef60f05c5edd7297278b223320f836e SHA256: e3b8f17d1280c97b6e041d95854da3772509c5a9883d7a9f1bcf3acc8bb279c9 |
|
|
| c:\users\ciihmnxmn6ps\favorites\desktop.ini..doc | 1.33 KB (1360 bytes) |
MD5:
8e72f402d6f32a2eb8b40ef2bf09d134
SHA1: 4997f213a0a8f74565d3d4a6411ee74ed5d370d5 SHA256: 4f7b953408cc9936a382ff90102cbc50db2625cab0d8d017a81caa4b8132ecb5 |
|
|
| c:\users\ciihmnxmn6ps\favorites\links\desktop.ini..doc | 1.00 KB (1024 bytes) |
MD5:
e4dd0769eed2ff53c7a6d53383848aec
SHA1: ab6991ca91766ffa6a1c1c85d373eb2ba58b687c SHA256: 72a735d2fd20e5eb2909a8a433c0e3155452df4ea83b7c9dc43775144053c7b5 |
|
|
| c:\users\ciihmnxmn6ps\downloads\chromesetup.exe..doc | 1.08 MB (1131272 bytes) |
MD5:
d799fa9f1655f95dc9be3bd1830e630c
SHA1: a2efedfc9abdf934a0703583b1e602843e2ad95d SHA256: a997604d3eba8e39c9f26b46448adcf9ca5ec53fcafb6328a733acaa3f069bf3 |
|
|
| c:\users\ciihmnxmn6ps\downloads\desktop.ini..doc | 1.20 KB (1232 bytes) |
MD5:
a366561c12c6f69711d3bb85e052fa7d
SHA1: c70b3c04a93e561b4cf463ac44d10923da75566f SHA256: b1422698d4c21483ab1bd86344784727cad570b0b0b1eeaef1f221496e685910 |
|
|
| c:\users\ciihmnxmn6ps\downloads\jre-8u131-windows-x64.exe..doc | 10.00 MB (10485760 bytes) |
MD5:
74d7fac20609cfe929862a5b95dd43ba
SHA1: fc15665973703bc952db494bde33bb27c2da45f9 SHA256: b5d48def2860405b1a3e1ab188403156baf95856e15ffdbcfd30bd5813cd476c |
|
|
| c:\users\ciihmnxmn6ps\documents\5lfe4lx.pptx..doc | 89.97 KB (92133 bytes) |
MD5:
8ae6ba7e2cef64e1b83d905ef8a359d1
SHA1: 3e0290cf998e9438a8fdc1d728853baf249855d5 SHA256: 3319a6208bce5f2ffb77ced09c10b7f946b6ca496ebc1f1ca383d1da45309173 |
|
|
| c:\users\ciihmnxmn6ps\documents\atcbua--7ps9_ex5yf.xlsx..doc | 25.82 KB (26440 bytes) |
MD5:
bb2b28d3d9425e23ace84a09fac7df48
SHA1: fe0682c1a4d8d9f3a4e42ba6b9cbc3d8fc5e3d81 SHA256: 128d71c93597a29a31d5c6e0b34302de049a6b8946013e5a8eaf11dc0ebd6159 |
|
|
| c:\users\ciihmnxmn6ps\documents\blbtlle6nvl7pn1.ots..doc | 58.38 KB (59783 bytes) |
MD5:
e0ca48aa6b416a728272cb8532669d77
SHA1: 179cf3e5b3ff62e80bfa8e04da3cbbfb36008987 SHA256: a205e4456ed8fc355a9c921561d0ba86572f7b2a97b437f56d28bb09fdcc1cdd |
|
|
| c:\users\ciihmnxmn6ps\documents\desktop.ini..doc | 1.33 KB (1360 bytes) |
MD5:
7132d3a594fda47d039273bbc40dbffd
SHA1: 860a7d33a834d69fcc947226d561d6ca7c1440bb SHA256: b9b2bd048b7ee2b23a488b39c36a49d1a453087428ae56f7f43624b1658624bc |
|
|
| c:\users\ciihmnxmn6ps\documents\em9gxmq2lkv8zfra.docx..doc | 54.12 KB (55424 bytes) |
MD5:
d6c0aecc35c6752044fc0a3f358c4438
SHA1: 9f7f60ae8a6b76f239c49538aa2861b54decd2e8 SHA256: 629221550960a4923ccad59511006ceacc33207ff3ae1ad3a325b5b7491d1a7d |
|
|
| c:\users\ciihmnxmn6ps\documents\ihzco2.pptx..doc | 91.09 KB (93272 bytes) |
MD5:
38829e481348405ceb8c56ea6afafcbc
SHA1: 39927f5aa90216eb773e0c6e75e302b758a972b8 SHA256: adaa6d74ea28423855e6e7692b6e3f8e017d8a8e927b9ac2a1267bf01db3f422 |
|
|
| c:\users\ciihmnxmn6ps\documents\j0-1vw5m.xlsx..doc | 40.03 KB (40992 bytes) |
MD5:
bb3004b11d168b4a36362ab8dac001e3
SHA1: 875b442fdc757c1aa6aeb27a313e6fc39057745b SHA256: 928ba3e229fb49221ffc5776bef2dbeef69868e8e47cbdbd142a06ac1e622b66 |
|
|
| c:\users\ciihmnxmn6ps\documents\k3dcza0zgh0l2.pptx..doc | 68.06 KB (69696 bytes) |
MD5:
bdd35099b5733ef0f88a0ef16d548022
SHA1: 5adbfab896b3022888b98fc88fba17090f2f3711 SHA256: aa91542cbf44a112c3ca34b229643b425702ac2fd7e393f38673b258ee01b17c |
|
|
| c:\users\ciihmnxmn6ps\documents\kfqf_.docx..doc | 100.70 KB (103120 bytes) |
MD5:
f62e0d8e2121eba5a7eba2c4295d5119
SHA1: e05607a0e937a02d31306827ad5146115f0c08f1 SHA256: 18395014b6110b19aa83fd46ebfcb68071f3b217135cce3a1369cb17e980845a |
|
|
| c:\users\ciihmnxmn6ps\documents\lmdzhf4zvs-.pps..doc | 69.42 KB (71088 bytes) |
MD5:
c313df2430b95bccf035b45e8b914d7c
SHA1: 06a99fd7f41b10a48adeeab576bdb8f600b3f26c SHA256: ab9a7e09e71451e51982810687069d152bc87cdf15a878a0f3e2bf715cd22491 |
|
|
| c:\users\ciihmnxmn6ps\documents\m_9esbnarkheuqxe.docx..doc | 41.31 KB (42297 bytes) |
MD5:
271ee1a8f66413cc5cbdc13ee9a38eb3
SHA1: b0ac972721872d2bdad0d08c5c42987ad6c54d5e SHA256: 0007103666a7d2d5ad561fe7672a402e3057fdc335683721e9d41cc2c8f4d703 |
|
|
| c:\users\ciihmnxmn6ps\documents\n3kedft.pptx..doc | 47.44 KB (48582 bytes) |
MD5:
4e89acc7705a2c247531cfb38cc959ad
SHA1: 364294d210db5d175c90bccc29115097075c7810 SHA256: 654f3b03bb659e77075ec644c0550db81dfe36b8c5b5dac184ac1aaff79b7468 |
|
|
| c:\users\ciihmnxmn6ps\documents\oev elnpibhwxetbc4x.doc..doc | 23.42 KB (23984 bytes) |
MD5:
43a109cbad2a998a80bb3859c38d63e5
SHA1: 20e6954a2f3b7b21ccdd95abfba6253d4962ca80 SHA256: 97831cd49259321394e24360862bef0b4ed701f8f68bf17eaa16311fa28e0046 |
|
|
| c:\users\ciihmnxmn6ps\documents\ox bq4vkxjpjqad.xlsx..doc | 19.19 KB (19648 bytes) |
MD5:
2adb27e44099ee6d25e57e76a8a47620
SHA1: 16b0110bfec3748471ff0a9af02bc1e3feaa945a SHA256: 7c8c94ea900cb780b1e86f4f4c98123563be7ab7fdcdf3ba44917a1cf7df82e0 |
|
|
| c:\users\ciihmnxmn6ps\documents\t zqsdpu2iujxle-.pptx..doc | 11.06 KB (11326 bytes) |
MD5:
f4a581445f7aa9a08a908eb3435d3bc1
SHA1: 2125df9acfb366e05b4eac0df7544885b45e2055 SHA256: 3e65b92de3ec19e33ba27854b4d525590f0783787d100e075a46fd0fe903584c |
|
|
| c:\users\ciihmnxmn6ps\documents\t-k5sgwmj3 mpb9ky.pps..doc | 28.89 KB (29587 bytes) |
MD5:
5ed82021669a29cfaff651ff2eb994b7
SHA1: 7d84cd164ca658ec1ffa8e0076a05e0d90834840 SHA256: f399c4c10846ff3acee01c2f1245171d52644c60e3d36288fb23c194a4290c56 |
|
|
| c:\users\ciihmnxmn6ps\documents\utm7gxl.docx..doc | 3.12 KB (3200 bytes) |
MD5:
c5f37bb31bf82d434c4f160447302c2f
SHA1: 2f34d66c058d9695961bdff0b84bbe82f08a04d1 SHA256: 73f5a5be792c8bc6482290898c5650bb8b919d016a0d77c1fb8825e6a179805f |
|
|
| c:\users\ciihmnxmn6ps\documents\uwnmvsu.xlsx..doc | 42.43 KB (43452 bytes) |
MD5:
0aadbe0252995e204ad2923b0f16f804
SHA1: c13664a4c2005697da822c62e112cbdf606be53c SHA256: c255a6b0b9b59d2ee5ba0049086a146cbb803feaa1ebb19c0da0c4d768d3e355 |
|
|
| c:\users\ciihmnxmn6ps\documents\v5i14i.docx..doc | 86.62 KB (88704 bytes) |
MD5:
3cde757e4ac9b478f2008278635e5fa0
SHA1: b3504351bcf95644560fb6e085fe6daec668d7af SHA256: 9e3dbf4855f172b589e18a4199a4453238f4ca2a24e57c2ea3259b8eb5c3dc43 |
|
|
| c:\users\ciihmnxmn6ps\documents\vcavi.xlsx..doc | 30.66 KB (31395 bytes) |
MD5:
6238bb78be1339b9b84d1d7269bc154e
SHA1: 801fdc717f4d616a34639ed2c53c6304313d39ce SHA256: 5f57480f45195ff6f9b47fe359af826bbf874a773dc501c9680dea69016e1f3a |
|
|
| c:\users\ciihmnxmn6ps\documents\xci5tni.rtf..doc | 55.25 KB (56576 bytes) |
MD5:
0bde91f0221a2b4ad9a3b70bde3b8210
SHA1: 4bfe1825d7b1d75e7cdc9806eabd5e4b392b72ac SHA256: 007070b5fc331849f1bd6e0a7db59103032bcd88b605469deaeb78da74cadc04 |
|
|
| c:\users\ciihmnxmn6ps\documents\zyrasy.xlsx..doc | 76.01 KB (77830 bytes) |
MD5:
fef54df67c6fdf75b7060d5f49e2b8d3
SHA1: e0a22e6515fff108263aec290c8f0c0eca772fdb SHA256: 29843e2e80655534d29fb410f4a68e457e872d90f7b0ecb57869cb4581a3b89a |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\1oyb.pptx..doc | 71.81 KB (73536 bytes) |
MD5:
c9a73b53db9df683fd0ccddd73677e5c
SHA1: da0d71891879f9d1119585929f6a3e70d89cf327 SHA256: 989136495493a8503b90b7bcabc84485d3bf28223aa3cbb0d8b21a124af376c2 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\5fs 9 uvpa.doc..doc | 23.00 KB (23552 bytes) |
MD5:
80a43a0cd95e74917ab9b95c595aa51d
SHA1: f15fa83391c035ed7147af2d644933297b423dba SHA256: 898e7ae080088de473abc7489ae11cbd154c1ab65299c331e5053cd0bbbfeb06 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\l1ep-e2o7byfuic0.csv..doc | 42.50 KB (43516 bytes) |
MD5:
eddf88a74f8c1e38e81b2d39d0fb7287
SHA1: 768dd32ba36737944d5ace6bfb5af83707c56eab SHA256: 40898d186753f8d7e6023c96570a22e1444f1a124f762f4c07ca2aa64b928e99 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\qf 8oxk89nl1yrk6.rtf..doc | 88.19 KB (90304 bytes) |
MD5:
05a2747411805d61007a585241022ba1
SHA1: 585383376b2364edc3995107f438512f3884efca SHA256: 6c3129a81a26f0d276a764ed3c7fbaace8ce847eded077b8516803c60e66052f |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\18wqha51.odp..doc | 32.66 KB (33442 bytes) |
MD5:
ed686da5f988824371258451d3ddb018
SHA1: 00704182211c992a1248d141d56478cafa7132ff SHA256: 019368379f17cc4936c49d82ce42e559cd289d8c6510f3da1543e20244290801 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\d91n0zq.odp..doc | 73.56 KB (75325 bytes) |
MD5:
c44fb790a903e179e9e7e99ab84bc1e8
SHA1: 6b9c157cb058922272eb22c3c5602c1d94785b56 SHA256: aea9d1b73f8f83a8f2bb9c909c6033078ec0b5c189622f19df8d03ae341538e5 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\snyjwdmydf6ncuaoqltl.xls..doc | 6.95 KB (7120 bytes) |
MD5:
b2f5778eaa82936b9880b13b6cc13da3
SHA1: 8a6973f5df8e4150a945138e774d8d12fbfc681f SHA256: c733222b99882a60e133f39aef7cbef6374e93533ad12ef791f6dc558db83185 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\wryiecxnl.ods..doc | 41.70 KB (42698 bytes) |
MD5:
45eaac4bc88b05e200b38b08360ac8fa
SHA1: 21907f66018c1e00fbdeae8dbbbe08e8312e1128 SHA256: 7e32f2864e64a33eb337e4bca656e4b81d6115d7e3984cf1cf70a78cb007c786 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\xctuw.xlsx..doc | 52.00 KB (53248 bytes) |
MD5:
a099b07894d23f259de01bcd81532ab3
SHA1: 35aeab669ec14f35f86cc273f380a4b618822039 SHA256: a638b3b671899fc0c2a422c3f662045bdaaf1269138b1b16ffe4dad39a6eba8a |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\xie6iniolr04edgffg.odp..doc | 81.62 KB (83584 bytes) |
MD5:
ce5622667042406ce58a90565531f08b
SHA1: 72322e6a97eca15e148203c98b50e7d095a37f12 SHA256: 60d63174500f7fab9f0922dc5f2a82091e05ee312f4d75e5aabffa5ad2640f80 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\y1x8zqxci645d\kfmszdl4nvsi2cz.docx..doc | 68.45 KB (70096 bytes) |
MD5:
5139f918139be5599211e4c712f07bdd
SHA1: 2cce857577dcaa1d2fdae120468c3eb588ebd3c8 SHA256: 5b4d1b02dae55d427fd7ecd2cb5df99d767fe36058c6b567e33994088a3ef535 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\y1x8zqxci645d\wgy2yqxdku.pdf..doc | 33.89 KB (34704 bytes) |
MD5:
326f7cbebd98a3b18f99a43a7db7b05a
SHA1: 4c3768d54fb47063f1c1755c70088160d0e244d9 SHA256: 7f71b00cb45357d55d27f6d2b94aebfdfce3f35dee287a8adcddb17c5ffa02b8 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\y1x8zqxci645d\wi8f0q5o.xls..doc | 8.44 KB (8640 bytes) |
MD5:
d5997333bcd42432169bfcaee29512f0
SHA1: 9f4a43f439980be525e48c9fbff55fc7edabc093 SHA256: bb2fe0b0822c2002b2ce57819b375c0f52cd68d7979d002272f227af7ae8b6dd |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\y1x8zqxci645d\x5iffemyr.odp..doc | 27.87 KB (28543 bytes) |
MD5:
9de86a69a5cc92864320d842ac329aaf
SHA1: 5b29d9da543911b9f24bd5d241b1d8c9a9bd80fa SHA256: ef0c4f7b3790b7af48fb54d9c088e8ad78ffff7a37de5d6deb49ec19b589016a |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\y1x8zqxci645d\xy sr4g.pptx..doc | 84.81 KB (86848 bytes) |
MD5:
128767fe14a9907085fd57f6c937cfc0
SHA1: 1df958b17a5b9763fb698187cafec716ab9b1d79 SHA256: 134129fe83705338601df589940d84ae9218a1a75fc2d0c578408ae9748acf64 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\y1x8zqxci645d\yb mn0zdv.pptx..doc | 93.93 KB (96185 bytes) |
MD5:
b2749671c660f1646c5037ec51a8bf90
SHA1: 92ca8270f596b9429482882370e3c4253fe257eb SHA256: 7e14be90109155ea24e755540485f426e893954710baf6285b5eef9e63d992aa |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\5walp3bl2rwl-yo.xls..doc | 83.88 KB (85888 bytes) |
MD5:
d53936a9eec3f561e3ebfa9c778c4334
SHA1: c1fb7eafa9413c5aa69d844b7892796f8dd0b842 SHA256: 3bf122ad6abeb26c19b9333ce3411ba51ef96d24d141e8128a338de4056f0377 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\oidz6lcgnvxgf5.csv..doc | 41.22 KB (42211 bytes) |
MD5:
955e310b305a7e8202364c651d7e75b8
SHA1: 40ba7d618b16398d69675848db8f3c9e374096d8 SHA256: e2a8916d0118c0fd8d54cedd715ab3af840515aad7a60473574cde18de86d475 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\opt7hcn-3pa.xls..doc | 23.72 KB (24288 bytes) |
MD5:
3e51be8ba7c141dd85be275ce5cccbc3
SHA1: 1a6c72464834014a881501cd2dbc1f20e346a240 SHA256: 13ffcb9e9f4301353a8f50af6bf4af1778c1a07562de78044a4cc394802c10e5 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\psmh09ma0h6sf.ots..doc | 43.06 KB (44093 bytes) |
MD5:
aeb0d0c152fd93185711103144ab979e
SHA1: 4d59939d7abe3f0b9accde8a972a1dd8f7f9aa0e SHA256: 8a2ecaea0995acdefa73abf55121aa89cd6fde12362cda4928e57169714ec8fe |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\st0nfhr7kld7u.doc..doc | 2.52 KB (2576 bytes) |
MD5:
41d2932154f84eaf3cab87bf7a31cfcb
SHA1: f232156e9c35549d716910003fb608ba57e44ed2 SHA256: ccb1380350d1cf11b606f4fad048837386749aec598121b9710c4c3b2840568f |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\ud56yevtc_mgvyoy1e.pptx..doc | 26.22 KB (26845 bytes) |
MD5:
f32acbff1d55d75ff859ac340b6514be
SHA1: 62a2d45b559f9b7a60926a8a99f5633e12c48081 SHA256: a5cac3c6ff0c64690a3b2239090494e30083a5b42f838f22f8390f38e6727e2b |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\vatb.csv..doc | 15.58 KB (15953 bytes) |
MD5:
55c6a2205364cf393b393ce3fe80297c
SHA1: 6d0056a644b354efae9424f01dab3fa33355f9ab SHA256: 1e53ab22d9ffb9afb5d3fc4935107c830caf2129bd7141be820c982e2e09ad8d |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\yfdwehymeqvc.rtf..doc | 44.99 KB (46066 bytes) |
MD5:
e4ca725480de99538747656fb243f6a0
SHA1: 40d49f0e6ae4a03c3e8f31d5505cf786932996a8 SHA256: 68e7cd45719d00a84ec4845337ab3f9fcfcec5386664c0d2426d907061bb53ca |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\wcamw\3qzjcog3a.ods..doc | 18.19 KB (18624 bytes) |
MD5:
ed3f754e5eca0ffa477f9b6e2ed592f9
SHA1: 54c390f584ef73b4f678bee834c8ccea0bb1dbea SHA256: 799f2ab2e477efd4b00f4a8c932f2f3d7ef50c86ed5a5f7a5750f3c5ad9d1b2c |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\wcamw\hfvups2ina_-bdqv8.rtf..doc | 85.77 KB (87824 bytes) |
MD5:
c0ccae55766c814555f970daad435d74
SHA1: 2510608c7e28d38e78465b8c4a48d886b2ae3482 SHA256: e2ba19b9bb407881b43899599adb1368bae5d8f7f748fc95c14196731a0bde1d |
|
|
| c:\users\ciihmnxmn6ps\documents\outlook files\lcfkj@kiekc.df.pst..doc | 265.92 KB (272304 bytes) |
MD5:
1e22fc77e5bc9612f67bf185dfc04a15
SHA1: 5790d282e5fd089b445970b5715e31f15667ad03 SHA256: 05179a8e28d115d9421190660a0216a83e68ea9f1c07cade8af59e39d4194a65 |
|
|
| c:\users\ciihmnxmn6ps\documents\onenote notebooks\my notebook\open notebook.onetoc2..doc | 6.97 KB (7136 bytes) |
MD5:
9aa8a9f23804a3ec80fa871475dbfbdb
SHA1: 7f9ead291dd9cb8ee524c82c4e30c3ae15d829b7 SHA256: 77b4c0d5077e25a7a3704e7f90b30af7bc246962689b4730457875e3ddcd0973 |
|
|
| c:\users\ciihmnxmn6ps\documents\onenote notebooks\my notebook\quick notes.one..doc | 352.62 KB (361080 bytes) |
MD5:
a41e1e20c8bde5fea292e8b65d41986f
SHA1: d7617d18bc4c5dfc5e3aa2e8d8261bbe0d756134 SHA256: 5c7795ed04090e95cd8e455955db8738e4a2124bbc17544de863e0899051698d |
|
|
| c:\users\ciihmnxmn6ps\documents\my shapes\desktop.ini..doc | 1.14 KB (1168 bytes) |
MD5:
b7ba30f52e6052a678f9b39e7f965d17
SHA1: f8efb0bfbdbc55f85ac8c41a76888c1ffcb833c7 SHA256: 4fb0d86f57dc9ce54ad774b2f8d42292f226f3af462a56b2a8ad6bb0dd670c53 |
|
|
| c:\users\ciihmnxmn6ps\documents\my shapes\_private\folder.ico..doc | 30.15 KB (30870 bytes) |
MD5:
41c4d389a921cbb64521e10a5078c10c
SHA1: 5cfba21a4bc52a1fc56b8ce92cd554861da3aaa1 SHA256: 1a8c01876d88f34dbbe6d6594057c12893ef188f4cc1066f17876d3096639495 |
|
|
| c:\users\ciihmnxmn6ps\documents\2xncn\grki.docx..doc | 52.30 KB (53552 bytes) |
MD5:
1b0174959cdf1c95e7302f7f642aab37
SHA1: 8326e7835c750b9f5db47e5d2a22f2b050e8a85b SHA256: 62aae11d86e50f8dbcaf9093247519aa18272dafdadefc36b8d3d505bf7e27d8 |
|
|
| c:\users\ciihmnxmn6ps\documents\2xncn\kt33n_.ppt..doc | 10.72 KB (10980 bytes) |
MD5:
85052940c01ef0d3c9c27f50d59a6baa
SHA1: 443ce008650116e5f5b2e46405f9012112a7d464 SHA256: 0d9ccdc0d2312b2fdd4acd1ab28f1d539aa6a799eb470984fb4c494d62fae004 |
|
|
| c:\users\ciihmnxmn6ps\documents\2xncn\ucq2jjz35.xlsx..doc | 84.36 KB (86384 bytes) |
MD5:
e0ad9b054b207ded2770a5b538452a0f
SHA1: bb17fdf10902f89c0e50402243b81c5725f9f202 SHA256: 67199ddf4dbd100f8a710b2ca6a95eb7fbca95e9bdbc37a8431bf3e34d71b3d3 |
|
|
| c:\users\ciihmnxmn6ps\documents\2xncn\vvbl5czqczhto.pptx..doc | 50.64 KB (51856 bytes) |
MD5:
4eaad822e259b13761f077f604889d85
SHA1: 1c0d13aac0f75b3bb076003af17e3d0d056bf25c SHA256: d2a6a09d8be9a40d4256ef12a37ffe01f5979ab403d6464058a38a4388e371be |
|
|
| c:\users\ciihmnxmn6ps\desktop\1ilkjyrgg.ots..doc | 46.58 KB (47702 bytes) |
MD5:
1696b50b454109c22f7c62c0714fbb92
SHA1: 7152dfea0d70b3bc0aae98d0117878b3bfb4e189 SHA256: a762cb70e2691cca2658d174de64f6c2188bc17fe2a3fe7e1e989606aa5b17d5 |
|
|
| c:\users\ciihmnxmn6ps\desktop\23i5acjuyspml.m4a..doc | 78.79 KB (80678 bytes) |
MD5:
1049d6cfe5fcc37f7e557a255cec377d
SHA1: 3625354724d3a06c839371ed15d5f8af54be7078 SHA256: 790f1d58144a7dc5b4d191b921fcee9bc029dfaf79a368f6fcd7e3950982414d |
|
|
| c:\users\ciihmnxmn6ps\desktop\34vihcjptwsy126cu6r.jpg..doc | 82.52 KB (84496 bytes) |
MD5:
1a8c1766f2707c2f0973a80b3531f419
SHA1: 39d8ad9b912c520658a91b194d6ce7ccaf7b937c SHA256: 05b299956ca9ed1ccad20469151cde9c1e811cdaef4d01ac71f8e0fc830e885a |
|
|
| c:\users\ciihmnxmn6ps\desktop\5aymmplf.mp3..doc | 73.84 KB (75615 bytes) |
MD5:
0aadc6941fef5e387cee1db92622d22e
SHA1: 8422a1e0d87c962ea7138611920d7218bb68e29a SHA256: 9e6a6d4489b2489ff45ac6c29993382955159ed43c4ebf69f5fc00632376c183 |
|
|
| c:\users\ciihmnxmn6ps\desktop\7uelr6 ahnxhpqmpu.flv..doc | 9.52 KB (9750 bytes) |
MD5:
28ba4169da6d69a97930ba2edd8c6ef2
SHA1: 010b5042c14e40944d38329a95fe24793bbe3989 SHA256: 29fc657349085667f690d1aa6b761fe060ff1765abc96f66f9e6e65bab12b1e1 |
|
|
| c:\users\ciihmnxmn6ps\desktop\9j9hsv0agjq5p.mp4..doc | 94.14 KB (96403 bytes) |
MD5:
0a88f39f142d19070c62bb3853c9fb88
SHA1: 18dec2ee645b8558ff53f9a56a80d60b06d62fb2 SHA256: dd478094357324673e879840eb21a008ee218b69107c7c097d4621f4a96e5506 |
|
|
| c:\users\ciihmnxmn6ps\desktop\af0cjnijiae7zpu.swf..doc | 3.83 KB (3920 bytes) |
MD5:
263e21ad09c330f8518cc491c7000f95
SHA1: bbcf9e81f3a1ab303224edd160f1fe05682cbeb5 SHA256: d7426fd57e5734570dd1a6b424bdb25827ac84f0fe8376784a6ff877a90a13d6 |
|
|
| c:\users\ciihmnxmn6ps\desktop\bwjej4q.gif..doc | 7.00 KB (7168 bytes) |
MD5:
7413754f9c6e16e9dfc044f6de3b6823
SHA1: 5edba77834febc437f81c74a3d27ad01633153be SHA256: ffc5b02b3b793cb97fa3ed455c0faf5829231dc62b3a284055ad53544ee19868 |
|
|
| c:\users\ciihmnxmn6ps\desktop\cfrs5lie-afnl_qf.jpg..doc | 14.34 KB (14686 bytes) |
MD5:
bb7a682d9063e54fbc7c03db7a99ff4f
SHA1: 0b8d12fcd3c43aed1253a41eb901d2ae794be112 SHA256: c4805b3ab365557436f3cafafe18685652e5849cd7f4f18a145f84b42d894087 |
|
|
| c:\users\ciihmnxmn6ps\desktop\cp_i6vwpeagucdb9vyn0.pdf..doc | 62.21 KB (63704 bytes) |
MD5:
5cfbabe8dde1f2fd154410b802dd7b34
SHA1: ced769de411494a779b2b2343cd9f4b79680e3a9 SHA256: 93999ffd16aafbc136d3e430b5bec7fc0a67f521b0bd5ae4ef00e6317d28f56e |
|
|
| c:\users\ciihmnxmn6ps\desktop\cr1v23mrj a0x.m4a..doc | 2.20 KB (2256 bytes) |
MD5:
353e22f480804d868ba20aa5ac199d8b
SHA1: 06e8d8c2ffba635b70c747c95c456e3cadf25f62 SHA256: 667d72304a80383477cc66d3cd1415043e689a10be09a88a652e2ab78b14f6c2 |
|
|
| c:\users\ciihmnxmn6ps\desktop\desktop.ini..doc | 1.20 KB (1232 bytes) |
MD5:
1303831f18dffd4cf7f31ee7c7682dc9
SHA1: af7733df345ddf40bce6ff8799b0ebbfd06c2e62 SHA256: 032970cd060cdf8c701de88534b813f7b69277ce8ae5be1f12f8363b387bcfe7 |
|
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\bootnxt | 0.94 KB (960 bytes) |
MD5:
dd4c03d383fa84a8ccba73e0b34a26ca
SHA1: 7cda05877b6effc0ea603a0925322fde261c51bf SHA256: 2f1a8b66d168474c99923af0795a35c2cfe9386f64b8000fa24c6fa3402f8a90 |
|
|
| c:\bootsect.bak | 8.92 KB (9136 bytes) |
MD5:
351a1e2354f9c0ccd36e00b75bb50a18
SHA1: e19f9661239c4fc761385ea3f39b00c9c2c35cba SHA256: 6f8e024373a23c013124ae16c0e7b38f583e44a252860f4c8380de99a38a9904 |
|
|
| c:\users\desktop.ini | 1.09 KB (1120 bytes) |
MD5:
03fa1e0ea94f96e88df614abbe0703b1
SHA1: 8b6bf3c2e93724a603abc372e772fd4c8a1a154b SHA256: 237e277cf6439d70c327f263cb443e4b9f23e1736ec5e38d7e9c5a7490626473 |
|
|
| c:\users\public\desktop.ini | 1.09 KB (1120 bytes) |
MD5:
4557a99c5f04dd51e1c57f88eecabfd0
SHA1: 12b9d3fd9c7b25af9f6030245a9bc7b9a306cc6c SHA256: 87d3ef818691192276efef80fb2d80a1c3f14d4313fe59566429b9a45a62aa82 |
|
|
| c:\users\public\videos\desktop.ini | 1.30 KB (1328 bytes) |
MD5:
912937c3c9a69c32211d4162d9199fbc
SHA1: 80e00a9c04a8cb36846da3917dcd095811cd586f SHA256: d2f030314ae9d645cb32763ac0b66125eb38d718a64fddc090376eeb540e07a9 |
|
|
| c:\users\public\pictures\desktop.ini | 1.30 KB (1328 bytes) |
MD5:
84033410a1053c63dedc29d312a02fff
SHA1: a98610896d90d8323dc68135e79b714f585619b3 SHA256: 120db3e5232d5ac034a29d84bbc28e14b7fd08333b515574643d086152052dbd |
|
|
| c:\users\public\music\desktop.ini | 1.30 KB (1328 bytes) |
MD5:
19df54bac0c5e64d04110ed7d79e8a14
SHA1: 3bc9092919086b28b62ee2e0ce7096b7e43a9934 SHA256: e7b4f0156e9e228454ba99d32e680487e680c7c7996cf48709ab54a2f42feb38 |
|
|
| c:\users\public\libraries\desktop.ini | 1.09 KB (1120 bytes) |
MD5:
14f972c6f596015135491f8d195c6999
SHA1: aa46c370e3f5d5119f63168eef8c897f1947eece SHA256: 7d0f57e87e3fe8795d13be2e4f2cf9d4a2c15afab4aa58929dbd517077ae520e |
|
|
| c:\users\public\libraries\recordedtv.library-ms | 1.91 KB (1952 bytes) |
MD5:
e36f7f7f6dc87e0af8a6b625daa9899a
SHA1: e846d09023adbf67887ee86e8a01b32f826d94ac SHA256: 48ae42aa9a9bd8731f6d7b5cac820121c4adacb024ba9e772d6738b0928b61d8 |
|
|
| c:\users\public\downloads\desktop.ini | 1.09 KB (1120 bytes) |
MD5:
334326f2445576654b881ca75881a12a
SHA1: 2154f40bf4c4189c8d3e963b05c853e4f2df3b12 SHA256: 70b9f46cd1678b6200e585463d78b91d07ae8ca9f254590fe1d5ce152f6f770a |
|
|
| c:\users\public\documents\desktop.ini | 1.20 KB (1232 bytes) |
MD5:
fb9580698701e27432647edd2d7eaac7
SHA1: 6781d39960831bab710c05f590166323646eb7da SHA256: acce99a2039dd0fe6a4256f06e4ef93d4585828d8394bbb4aa8a4eca014888bc |
|
|
| c:\users\public\desktop\acrobat reader dc.lnk | 3.02 KB (3088 bytes) |
MD5:
8fdc81b4323f97687e071a50b5267496
SHA1: d36545d6fd09f7c2b574b68e120250347715a28d SHA256: ee9058e027d4eb75fc3f979f72db86413401287e4aa18d33e073aed1b1e8547d |
|
|
| c:\users\public\desktop\desktop.ini | 1.09 KB (1120 bytes) |
MD5:
9dcef2ab01e7b4f41c0de6a3df60f5b4
SHA1: c685c2f13bbdc51b92da09c4382477e0aeec75af SHA256: f3f0ac0332a1aadae365c1b4afca95d14e4fb89d56a47ba7582ca72d40aa1cb9 |
|
|
| c:\users\public\desktop\google chrome.lnk | 3.22 KB (3296 bytes) |
MD5:
5e48a236139104b9b82eeb16cb72e0ae
SHA1: 9b30a2145e9be12747754935fc14661731c1e125 SHA256: 19d7b1b55ce79827f37860f46180bddaaaf35dd465eb4daf3098638999ab4ab7 |
|
|
| c:\users\public\desktop\mozilla firefox.lnk | 2.12 KB (2176 bytes) |
MD5:
ae617e94bd982a4ea563ede72ecdae37
SHA1: 0d82d70473b3bcd4d3b1f525f6d86f4e1795dce8 SHA256: 49d51bb8135ae652b9a764971120d484158e06f18efabf29543cd0d6676e57e8 |
|
|
| c:\users\public\accountpictures\desktop.ini | 1.12 KB (1152 bytes) |
MD5:
efa39eb41053ff0a991c991975875bc0
SHA1: 5d2c35f8ad96ecda5cebb27ea0f8885656c1038e SHA256: 5c4d71bd487cd675b674e5774c8cf24bdf86a8dd5204ec75693ea5960d20e216 |
|
|
| c:\users\default\ntuser.dat | 256.92 KB (263088 bytes) |
MD5:
d83dcac774dee521012189dc88cc3662
SHA1: 0ab64335840bacbf8cfcf5deaad8cd0ee9f853ff SHA256: 5dfdb0284b4c5a586857ba6ddf5ac921171130b346bca2ff034c47b7d3a68d47 |
|
|
| c:\users\default\ntuser.dat.log1 | 24.92 KB (25520 bytes) |
MD5:
9b22fc5462ac88989eac80428326c8b4
SHA1: de37ccf141aa88e2b36823c7f264dad2ef879d13 SHA256: 0bde45128964856c98d7e041a6f984193f5e2fef9f6e2bae2fece8b8f4dda676 |
|
|
| c:\users\default\ntuser.dat.log2 | 504.92 KB (517040 bytes) |
MD5:
0e555c1eade9bd288351ec55ece64351
SHA1: d8088abab0fa629c0a2ebd85b09495d004a55eef SHA256: 13e5d77a28442e6a35c101086e296861f4ea614b314da9d0fa7a9e098a8c7afc |
|
|
| c:\users\default\ntuser.dat{77a2c7ed-26f0-11e5-80da-e41d2d741090}.tm.blf | 64.92 KB (66480 bytes) |
MD5:
57f5d78a1ec92fde51f041dc00d88054
SHA1: 014d993b9c714e98da5f6c99cd385ec74353784c SHA256: 79d7a87a7868d9fa9c931d396517e6cdcd3f7c6dc3c6ba5110693181eb03fc7d |
|
|
| c:\users\default\ntuser.dat{77a2c7ed-26f0-11e5-80da-e41d2d741090}.tmcontainer00000000000000000001.regtrans-ms | 512.92 KB (525232 bytes) |
MD5:
48edec9d8fe3890abc8a341cf0a24a3a
SHA1: 9ec639610f86974fa0f04d099995ab77e3123dd3 SHA256: 2fa43cfae372a2f004aaee09c314d1641c334862115636da0aa35f5ede3c907c |
|
|
| c:\users\default\ntuser.dat{77a2c7ed-26f0-11e5-80da-e41d2d741090}.tmcontainer00000000000000000002.regtrans-ms | 512.92 KB (525232 bytes) |
MD5:
57b2afe19de2c0e01e104353ce5c97c6
SHA1: dee459ee5a30f2ff682188a4d33e1c7ef200774b SHA256: 07ea3cf325f425abf86e54b86ec9924ea3c9d1cdc9f3abe1d0d4e4314d7212af |
|
|
| c:\users\ciihmnxmn6ps\ntuser.ini | 0.95 KB (976 bytes) |
MD5:
1524c23e29ca650fee428d62e876b108
SHA1: 234adc81a95746aebf2e5f06f6fc63b13d3b814c SHA256: a9a2ad3c5c92a5dc415de2e8578ca9d214a958f7b46d8dcd988d4503cf9e546b |
|
|
| c:\users\ciihmnxmn6ps\videos\e2wasdx2n_.flv | 19.16 KB (19616 bytes) |
MD5:
a6d96e199780925d81c91bb4fa149841
SHA1: 2f73ba8ed8f14895d10cd2ecdaebe16029c30df9 SHA256: 2f0627608232265a780eae15074fba5f7be01b0a4c5e41c0446e1d75fe69d9c8 |
|
|
| c:\users\ciihmnxmn6ps\videos\ibtwm8.mp4 | 61.77 KB (63250 bytes) |
MD5:
869d0badcf60e04ecc2b218ed188b179
SHA1: 6887e6ae6c26e10ef141116a800aaeb571cf40e6 SHA256: 172284c36a0ac87fb5c30ff25ae5f18efee95ac312fe773b22785c795ff3645b |
|
|
| c:\users\ciihmnxmn6ps\videos\ny17g87un.mkv | 72.39 KB (74128 bytes) |
MD5:
c0d2b4ce573c4b64c6677f6bc37c7415
SHA1: 162bba83fbbfe53f338d365cb2b95e54cdf9bd5c SHA256: 79985aa176fd5b4a528a40efbfe9cecbd6cccf6c168123134e4b7566eaae05b4 |
|
|
| c:\users\ciihmnxmn6ps\videos\p1l10vzx4hd3-c.mp4 | 7.83 KB (8016 bytes) |
MD5:
c4fcb29035a817cc14f45304c4d2490e
SHA1: d37b16597503b5bc72dd20ed9b0061565bce7841 SHA256: 4c13bd5c2a840fe2698e48900d9e5a2d225018410104ab0739a6ee816197c36e |
|
|
| c:\users\ciihmnxmn6ps\videos\u8xibbuo9vcag.mkv | 46.87 KB (47994 bytes) |
MD5:
ef5e1f614a58744f99a63faae1f07cbc
SHA1: ad87228795e5c5f35f0beecae9535607c3b6ad2e SHA256: 2f0538dcb5a3fc252bfb660e65f218f482491202bc4cbac19e7f295507c5d1d8 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cpccb0b.swf | 14.47 KB (14819 bytes) |
MD5:
77c363aa0b79f3d0d3668d81ecb9141d
SHA1: a6617a5f0203ea9c75a3012cbae6ab87f497f31f SHA256: 0e02cfb29fea57bc04a3c47f50279cbcd2b82bc0c8e71d36413805de1c73bb6f |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\pgluhotas6kwmmfsdl.swf | 63.94 KB (65471 bytes) |
MD5:
2ef50514bbdf5c1fb1d99df1003680e4
SHA1: f00a7c057ca940e40c09389e96080ff1d23300c2 SHA256: bc12ad5610ac4c5278903dd2afd1c8c66180a1c519ed54f4c998c8f45124de70 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\6e5-hpmrbs.mkv | 10.94 KB (11200 bytes) |
MD5:
224edc872eacbcafe10cc214a8d8f606
SHA1: 44217fb10c26be8043cb8e1f8995a7a0616d948a SHA256: f88670028a1bc60e4b18741205e4d4a34f8cf076bc2a4d00e4c1e8b55619383f |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\6gwg.flv | 97.88 KB (100224 bytes) |
MD5:
7727271b003ab118e5a7ee4f46935aa0
SHA1: 06f4b83bf0e1cd5fe9a338e2d436627c4f634555 SHA256: 6f53372a64e6aa4a87218501439ea4d762b340e2c876ed860b40d58d71b2dd92 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\gxfzekk51.mp4 | 84.05 KB (86064 bytes) |
MD5:
2c531982707a0d2bf59074d62157b4b4
SHA1: 2293b64dd2a55424b9324ee43e81126f8118e585 SHA256: 62dabff92059c12969278fa6d0cd937db0c421bc9bf2d03b1862760d83749382 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\li6eau1sqq2.mkv | 97.64 KB (99984 bytes) |
MD5:
cc3026377aba30e4133e5fce0bb76937
SHA1: 157b1734ca63de36fba45139b374d21786bbc389 SHA256: 47e13837c48b5d49d11675d8e387e57504166d0957c68d17cb5a03cf591e5bd1 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\p17xszau6p5nex19v.mkv | 78.21 KB (80088 bytes) |
MD5:
22b8453bc206080fbca0de949a9bff50
SHA1: a5dc55caddf3c00c8ebe8bd5c703256bad2da952 SHA256: 1600762b28cd5fd906eec2d17dfcaba6fdd1d47cedc7c3e0dca77645667eca43 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\qopwqzk.mkv | 14.88 KB (15237 bytes) |
MD5:
0b1b91e03ccdf4eb9f73ee409be5e17c
SHA1: 9a0def13f02c4680d9bb499e406ee70049789591 SHA256: 09c06b2417d218510ae018c5572d9a6e473f7754f6ed606e960d4fe46bbc743d |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\u-mjrv.swf | 24.67 KB (25264 bytes) |
MD5:
3349fa04afe142e3b99cd9812bdbd1e6
SHA1: 7236a7fc759079d2bb585a4965abbf117ec7b37f SHA256: 3d6909f8e1048412e03a1e0b5a7154a7d7a693b6e95840098229dad9f0637f20 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\wyrssbqc98w\jngbvbxt2te.flv | 81.98 KB (83952 bytes) |
MD5:
16c7ee5f1fa526ac4802dc6b46685f2c
SHA1: 763d4427b0d6e6b2b7ba36516c8b98296b18aa92 SHA256: 307ecdb45c3220a1d9db865e5cd134b219525614fe2c5850504134fa0891b750 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\gpyspnb\wyrssbqc98w\xfnky9jskllvnzza0q7k.swf | 66.39 KB (67984 bytes) |
MD5:
8e55130411fb86e461cac2b1786353aa
SHA1: a5fc0bd86905e48f5f8ebb054463e4671f3213e0 SHA256: ba3d8c13f3de0bde5ed1a4154c9f8de820891a8234c49417577feb9e2bbdccd9 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\cn620-gsia4nyyycofj5.mkv | 61.95 KB (63439 bytes) |
MD5:
94fbaa99139c9d10a02bfc36ac9de466
SHA1: bc138ad598b761a24e0d0013cf64d86dc4fc140e SHA256: b1e9c09cf2c3eabc1c4c394d756385daf0ed24b4c23a68d646b660fe6fea512d |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\tt_x88h6 pabcl7r-.swf | 97.97 KB (100320 bytes) |
MD5:
710e3b7a9024eaab14b0f4ca641b75d9
SHA1: a10e5dab1ca75408740ce320a4ffa30703ff4855 SHA256: f967457c20a83bece1ff8ab326cc7b6354c8f5ca9d37daf0c9511e6a4665faeb |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\z5nygqlxcnl5cc-.avi | 55.08 KB (56400 bytes) |
MD5:
aab7e0c401e157c1c2578244eefe5fab
SHA1: c238e5b64433873f13430a7d7210779ac149145b SHA256: 8364c334ff92f20ac6b24b1d8bf77b98421d16143a6edab55dc938b2a16743de |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\j-xye\4tnmmqdfquco23log.avi | 67.50 KB (69120 bytes) |
MD5:
c3b8766fb80ddf42509e7f761928dc30
SHA1: b4d33f1cf53cecca4886ce8d2dc5e4db905c0a01 SHA256: 8e61c5186a0dfff841d34d4dedba3589455dc0f82dffb09b3a809403ebf5d29a |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\j-xye\9jzc.mp4 | 11.02 KB (11286 bytes) |
MD5:
4a6889191bccb24e074c8c8c38412edb
SHA1: f9b029cc2c1a8d832a6a3db9249ad9a536eb53ec SHA256: 2a526ea714599dcacb6bbbbbd4caba2866f483b2b8484a37a0855db68c9e19c0 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\j-xye\fwol9dbwif.flv | 14.21 KB (14553 bytes) |
MD5:
7ca5c244029c3c8be3219c37cc5c6fa5
SHA1: df6bea5d708fb2afe2052673928401fd946d62af SHA256: 6face97dd1e3c6aef75551648680b05a670e34e8824462b68d627ccce635e418 |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\j-xye\o8eem2rfs_my3eq9rg.mp4 | 78.65 KB (80536 bytes) |
MD5:
ba8ccb3fdcee2914c38bce0524e842b8
SHA1: 65e64716db0da062105d70ba2afa2ecff90fd9c2 SHA256: f8d7120d341931fbbcfa46124bd7192f7dbc2f10d5e7d6bc33eee61c5cfa052b |
|
|
| c:\users\ciihmnxmn6ps\videos\xbh9xwx0lpzggdjbiti\cxqvyrkp8k1us\j-xye\s0d9d09esgnym8fvdwh.avi | 10.59 KB (10840 bytes) |
MD5:
bd974c8625ad3b525bfcd5bc7ca38035
SHA1: cf8d51a8866500327d11a32696c56b6292be4561 SHA256: 19f5df5f700308b91eb93b30ea24fee2c5bc10f2a74a357b97d244d619871097 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\dindjpm.mp4 | 82.78 KB (84768 bytes) |
MD5:
4ae1c4e97f55af4e88994edcace7da04
SHA1: 3529e9ca4db6e2dde3252cb17311ffb48bff3801 SHA256: a777066c67f3326bd8de19d3d77345345d7ca1e7720329267caf479bc0368495 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\gppag7bkp9yd0gqxy.flv | 80.18 KB (82107 bytes) |
MD5:
36950664f74e1b45f63a64ad3198c4c4
SHA1: 72fb97c7ca9c532b0d374e13d3edd23528b93230 SHA256: 1a2b8b094e6ad3f6a08229865269e08f1f6b7addfbdf0cc8eb5d2a812e97ac30 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\gx_wpidl1d.flv | 73.41 KB (75175 bytes) |
MD5:
fc1b8206ef863f678da28ae60ff32324
SHA1: ac7999e33a532a057f2bc5c5002cce9139377fc1 SHA256: 1f314cf51e1aa8b12f451de8f0b25133200e20e8562e8c1e3cddf5305e91e0b0 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\nxloupbusenpl3p-\wnvoa3g9jp.avi | 19.09 KB (19552 bytes) |
MD5:
a937f1f839db02afb42d1607d1ded6e0
SHA1: 3e0379560c88f8c49c9bf53d4a2567996f17b929 SHA256: 4f33edcf69278ac37b940a4eda0741af35ba6b54d261723c27518704e82676f2 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\8klt4ds_wbyaiwwtj\29fvawn e8kitezwwn.flv | 65.27 KB (66832 bytes) |
MD5:
43ec61be6fd526095167936b71b9c80b
SHA1: e60eaf40ee03bb331bf4f80570e2f91048e553d4 SHA256: 2e6d24776764e1a69b4cf04bbe6938b2fce888d9e0a4d92086bb7c10ca2745d6 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\8klt4ds_wbyaiwwtj\a6mtdotp8ju.avi | 61.77 KB (63255 bytes) |
MD5:
3608a2b7bad77eb62fa08acc7860790b
SHA1: 1fddce70e9c76b8e19e6a8cdddb037b93816aa9a SHA256: 4f570434413579e169995ce8070bf8d8532d0e6bb283e81e3a13d01889815f69 |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\8klt4ds_wbyaiwwtj\ezsh9_u.flv | 88.12 KB (90240 bytes) |
MD5:
9592d4228871918fe89dfd41f35f2519
SHA1: 576536644a6cd6cef1ebd34f0f61f6332396b24f SHA256: 7f449b69ec6e80ef67ef543350e12f2af51a60d7e5a3a89d404f822ac7c5ce8b |
|
|
| c:\users\ciihmnxmn6ps\videos\bgvbhkl2p_r\8klt4ds_wbyaiwwtj\waljyrb.swf | 61.55 KB (63027 bytes) |
MD5:
9054674649197d9a0c4cff7331c123f4
SHA1: 9de74aa70b9160dcc0454a2b60cd84c6960635c6 SHA256: a4c07abb692ab47758373a5430088a0fdbc7a5328eaac1f0cf8f5d9439b9001d |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\auvu5oo_3gglwzkk.mp4 | 17.12 KB (17536 bytes) |
MD5:
59c24a41d3b59a62c2332684cdf7a2c9
SHA1: b3d8f3ba307b40c3d24350621282b6a707fee3d1 SHA256: 377ae13f6d315cb476f6b2e70531ee2b56e4b479b8afe2a0e4f7d50329c91673 |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\kmleb81ee9b5n1x.avi | 35.66 KB (36512 bytes) |
MD5:
998056d7bb4782afc1fe5dd83831b349
SHA1: a0d8bdccfeb75d91c92c37ef9c8e27270ca66123 SHA256: e57bb617df558bf06851dbead8bb94a488a7d59f0585d9b6d303737e76212765 |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\nmno7w-y-y.swf | 55.27 KB (56592 bytes) |
MD5:
afbc6aae9a38e174bba006c3eed12fb1
SHA1: 8e2afec244434d71356ce99f54eb2a060b186fd4 SHA256: d722f4cc88e9845f795364929d9a39dfe3dceeb94a6178c498d5fc984797d047 |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\ajr9qn-j2iqxfffeuvm\fvnqxqgywua5.swf | 85.31 KB (87360 bytes) |
MD5:
08cf7a35d11c46ef9f2636134600a86d
SHA1: 2ca70859374af74b538e9d2dee9aa5c6f07076a4 SHA256: d7207d75687dcc2265408367f777e000e2ca602cc61940275efa6bc1dfbae30a |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\ajr9qn-j2iqxfffeuvm\inom_uv1i78k.avi | 70.34 KB (72032 bytes) |
MD5:
3f0d9b18e92cddfe21eb116820e72a56
SHA1: 8f78ef7d1c1cc1458b83ac4f6f845449a9464bf9 SHA256: dd2ce7ba60461cb0302fc03576843773928d1fc4d13cf480ca79c2b516825a3d |
|
|
| c:\users\ciihmnxmn6ps\videos\akftbjqu7\ajr9qn-j2iqxfffeuvm\l6wybm_d_r_.mp4 | 61.95 KB (63433 bytes) |
MD5:
df53e775ef95e9d4c47ff79c72935cc1
SHA1: 53ed9157075b7aa18ee2abec0419a623c4acd2a5 SHA256: 58c9eb8125df9d1653c419f73e3dc5d0528682a8bd74a47209ba75802c678fd6 |
|
|
| c:\users\ciihmnxmn6ps\searches\desktop.ini | 1.44 KB (1472 bytes) |
MD5:
c4c1f7faeaa84afea0455e3ad7466095
SHA1: f53b0cc38d4f8c6b30926e357e63d6cbe5d5166b SHA256: 7fc129f00a30303e0fae704350f13d9534be76909e6961261677e3b75d960a80 |
|
|
| c:\users\ciihmnxmn6ps\searches\everywhere.search-ms | 1.17 KB (1200 bytes) |
MD5:
67a89b1d4df7926bb1282fa543e092f0
SHA1: db060cce54618b30a81ef32e3ab32413cc98df51 SHA256: 0f7ad004fc0f95aea113801039197f9c33c45f1953356bb603ab97c109396cd3 |
|
|
| c:\users\ciihmnxmn6ps\searches\indexed locations.search-ms | 1.17 KB (1200 bytes) |
MD5:
9f661fc1d668f3df14e769547e7beee1
SHA1: c7fc75a79d8556a2c8862f39a7bd13df6d800be1 SHA256: e81325733aa1be43630ecd9a9cba0cc6e69b9bf71ac8262233e05e8500eb5cdc |
|
|
| c:\users\ciihmnxmn6ps\saved games\desktop.ini | 1.20 KB (1232 bytes) |
MD5:
d2c3bc6c2e874a4e62d5752742d6a26c
SHA1: fca1d2e592d8698781d386f7ce2d310384c5853f SHA256: 2268250d88125d513d73334d7ecfd5c0ec075c5639646ac99e17bf8220e96c67 |
|
|
| c:\users\ciihmnxmn6ps\pictures\0hk3ferwlwmdegnqx0.gif | 25.31 KB (25917 bytes) |
MD5:
ac9f3f9c26338af80c9ba05a1b5f64b0
SHA1: e43e831e8a6648909cc0480f02a6a1423f148ca2 SHA256: d2688170b4418761121d914e2c7573fbbe6b326b9544be772c99d3ae547efbe1 |
|
|
| c:\users\ciihmnxmn6ps\pictures\7qdjrw-yomo-k-z7n.jpg | 7.11 KB (7280 bytes) |
MD5:
2dbb0b4cb0b8acf258f575c13848af0c
SHA1: 4a2c061fc5e340860ab6b2f16d5f2ad1d62e2e82 SHA256: e6dfb245a478614c79c30c89345670b51f6182c37bccc7ce258d19076ebc8d4c |
|
|
| c:\users\ciihmnxmn6ps\pictures\h7trdzq_5g.jpg | 23.78 KB (24352 bytes) |
MD5:
7caf7deb64e49cce7593c857445d9707
SHA1: 8245ac00ca2d1977b65a96d15aa601001ff58199 SHA256: 6bdc520d1fa0813a5849e335f463903b59082bbac8a66c5143c26cd9b539fcb9 |
|
|
| c:\users\ciihmnxmn6ps\pictures\qrw9a sahnuzyrbroxd.png | 51.44 KB (52672 bytes) |
MD5:
bef17db6f8008201e2eee7fd8215e509
SHA1: ca910c5addc99824de22d683676ab0e7bbd0c802 SHA256: 6255803a4dd36fa4b6b32c5152151fb9414794203bcd7b676c79d12731a1cb03 |
|
|
| c:\users\ciihmnxmn6ps\pictures\qtvkcwkzzwibwteiqbm.jpg | 84.81 KB (86848 bytes) |
MD5:
6221a08d21072faca2c26a7097305663
SHA1: 339bdab658b3cee4b1dfbd555d67b97fa002a177 SHA256: f5ff60ac82babbb8ea59c7690f6ed00abbd182317eef555b0864a53b2e802b3d |
|
|
| c:\users\ciihmnxmn6ps\pictures\th8eu.jpg | 62.93 KB (64444 bytes) |
MD5:
cb536c6ba05ad084eff49534b411798c
SHA1: 791af3ac7e44f90ef0aa93c3c6aed09210b47f19 SHA256: 616f462f32179ebad3ccc620412868de4ff8653e13f2a0f3407afc4c3d4707d1 |
|
|
| c:\users\ciihmnxmn6ps\pictures\xphr2tjjz.gif | 88.89 KB (91024 bytes) |
MD5:
6ffd4e7f9b56f035a66f15814759b63a
SHA1: 2b1d5c41a36841dce08c429493aa8041277a6029 SHA256: 3271d5f78d0e0a9d15c4c0434ae1beaab48fdbe953f649d7be9dfae66fce2f7c |
|
|
| c:\users\ciihmnxmn6ps\pictures\saved pictures\desktop.ini | 1.11 KB (1136 bytes) |
MD5:
b0d042871f93477b4b37c70d7629837d
SHA1: 66ef0c636edc9f29d4ccf63034dc37e8ebf88ec4 SHA256: af01d088ccd7258d620311b66d6308413f9a5b618df0a162b66461913890d241 |
|
|
| c:\users\ciihmnxmn6ps\pictures\rtevorrnw0ui5otj\-9fnhcfha2.png | 26.58 KB (27223 bytes) |
MD5:
a8594fdd545b6bb17c417f4873165714
SHA1: a886b4e80fd4f7e4e1c6f891c045b38ab0997118 SHA256: 748f2bbfb8824b5e10ae6479c549f6f69647d25377479cf85b58529ddbae894f |
|
|
| c:\users\ciihmnxmn6ps\pictures\rtevorrnw0ui5otj\9xuhi63.bmp | 52.25 KB (53504 bytes) |
MD5:
cba8de21ea1a126cfdc94024e40f0f55
SHA1: 46e1f7efd4a53808d430e12adfd8728f315abd60 SHA256: f4d65c1671191464475c8d6c7f61bf0d8fe07be14bbb27977cc3670f0612445f |
|
|
| c:\users\ciihmnxmn6ps\pictures\rtevorrnw0ui5otj\hkqhg.png | 53.72 KB (55008 bytes) |
MD5:
12d9125b7719dd59f98119fcb76c7cde
SHA1: 982c5debeded46dfe4e4a251971702301159bbca SHA256: 046e39766f992c5785cc76142a09abe4fd9b305a4a0e0140a6c8370b455740f3 |
|
|
| c:\users\ciihmnxmn6ps\pictures\rtevorrnw0ui5otj\qhasofurdpjwbi.gif | 96.34 KB (98657 bytes) |
MD5:
30578e80f0a80370a8c6d465f0b1a195
SHA1: 6b3b47784a3652ac50e44ac130d71389ea8a1e0e SHA256: b930acfbd9d9b5cef9f2e53d1c84765da1a6990c42e78fe247e944fc3df4caa5 |
|
|
| c:\users\ciihmnxmn6ps\pictures\rtevorrnw0ui5otj\x1b_.bmp | 36.02 KB (36880 bytes) |
MD5:
5b0b91210560fe6519b94a7b619c691e
SHA1: f0db99e5d5cfc01b857635cd9a84645f36ddd0df SHA256: 9c64bffd9d021a4292cc55882a66fe3c6b7b7f4288fe1fba6603618de6168d0f |
|
|
| c:\users\ciihmnxmn6ps\pictures\kueb8-smvm\as7lziutzivnqsdmixnj.jpg | 35.67 KB (36528 bytes) |
MD5:
5e79772c1bf60f453460c5abc32d5257
SHA1: d040eccbbb921c559a00c81c2c9ef27f7a858bc4 SHA256: 52e64a74db7f147f4477d73874694bbdc93daf35f83e04fdefd806236b6098b3 |
|
|
| c:\users\ciihmnxmn6ps\pictures\kueb8-smvm\d_fv7 prsx.jpg | 32.87 KB (33655 bytes) |
MD5:
0539fa8eac70342f38f39a2aff0b53b9
SHA1: a798f721381034bebe68604bdbe2a66366a29705 SHA256: 94e9f7d040b6f5608c78adbae3b61bd895e3b49e7edc0f97b227d620aa2eeb47 |
|
|
| c:\users\ciihmnxmn6ps\pictures\kueb8-smvm\kovnpdmyrl.png | 46.53 KB (47647 bytes) |
MD5:
53ba80cd0472f0698fd1aae0d73ae925
SHA1: 9015b1b9c7d81a959e33946dbc4bc036cc7a4457 SHA256: 48f027c9baf7222c23df41960d3780f75b4f169640f35b92be2cd2651c96a3ce |
|
|
| c:\users\ciihmnxmn6ps\pictures\kueb8-smvm\ugmctukfcxobe.png | 93.83 KB (96079 bytes) |
MD5:
077d2fac723f1cbd3d6bdfc1fcccc4b7
SHA1: c97904a3ff6a9e73ad38051e05e87decaba9a221 SHA256: 7d919692580b8bd577a1360c5506249a580d1ffb78bc03f2cc07ed3f6a7e4f9f |
|
|
| c:\users\ciihmnxmn6ps\pictures\kueb8-smvm\ulsdcvkqeuxlv ur2xy.jpg | 45.66 KB (46756 bytes) |
MD5:
ff38a4f3373f37969a54c7ceb6223b9c
SHA1: 22ddf8d15fc919b28ac880548c7fbf0d4b8aadb5 SHA256: de26b309e0ba1723040055c01ca175326fdb25658c5d4f2678435b16772834b7 |
|
|
| c:\users\ciihmnxmn6ps\pictures\camera roll\desktop.ini | 1.11 KB (1136 bytes) |
MD5:
5cca10bd6c111274005acf6f8db9d76b
SHA1: 8ab4945701ba3219e2ffdb58726d345c4dd79d48 SHA256: bd7dadad415f1e07336a09ada99a12632c47dcf7fb5a6de72ab9eaa5044856ef |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\3kc4ze4gwjhznr0zwjv.png | 62.26 KB (63753 bytes) |
MD5:
e91fcc5a22a514f23ab756ab8e965e88
SHA1: 50d754005ca12f35030bb9fba64998c17f460fa7 SHA256: d05103743b01d72da17f90cf0c1216ca7a9e01164df05337456444675c02b070 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\8fsdui62a 2pmyacyjt0.jpg | 12.04 KB (12325 bytes) |
MD5:
af89d4843dfef53adccc8dc0ef2a8934
SHA1: ba1d212d9e0133221334f84effe4ede67597d01d SHA256: 1131be65c1eba551c686f4ddbf5edd84f43f0b8720513530dea691e502479026 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\9n-4.jpg | 17.16 KB (17568 bytes) |
MD5:
97f431bcdb02fb152c69f0fe02419e3a
SHA1: fd31cbdc91fa71fb9f18e29dd506905f0d5ea307 SHA256: 760a7a2b099cc37d79aca7c4a44fdb8a970d0224b4f69ba64fe2f3f0bf797eb2 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\baym9st _guc-pmf1k-.gif | 87.47 KB (89568 bytes) |
MD5:
d7bf4fbff69ac4313be002d49c76f39c
SHA1: 79effbc7a1827648436550239433a1bed1ac4f69 SHA256: 1674d71148be864775ed3c1c68f6b6ade5ad27d3abc77314c90e6c00a5df3a51 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\dy4knw.jpg | 24.47 KB (25056 bytes) |
MD5:
542c2e3411ca3a681549cc1a98856d67
SHA1: 01408887f8b4fca7dcf925b8245e4c15a2515a96 SHA256: 58b689bb52fd767c33954049f14b10c91a6a5e148eb8104127d0161ad3a94b62 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\gfe4.gif | 42.67 KB (43699 bytes) |
MD5:
77fd1a6a20182d86d798362c119dc482
SHA1: 2219754d4bd725d44bf411c526c41480bc120186 SHA256: 1b378dd060e864fec50e1db866c4ecd212f948212c33fe804da903e8c2afb62a |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\l6xswm755meyjgkn.jpg | 32.89 KB (33679 bytes) |
MD5:
599d1503d5df5884c705682574796908
SHA1: 67d2f2dbdd9e52832ee21483d65b390ca534c5a9 SHA256: 54081f08d706f60074bdef6e7f8d10c61d2a80af9c9ba8378c7c2113ac986d44 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\olgvhwydqyi0lakbu.jpg | 62.46 KB (63956 bytes) |
MD5:
bc53f8db3d2219662d16428f33bc9c3d
SHA1: 42a4788a39c115d40c18c403c17c08927ffee412 SHA256: 5ebb588dec0ad24e05480a2eae6bdbd0ad2650eb2b6e1447587cb65aab269859 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\rjzgheo.jpg | 72.53 KB (74272 bytes) |
MD5:
4011b193c3ea477cbdb7878b5e6e4ace
SHA1: e365174a03247c97fc9ee07248498d3f860b80a0 SHA256: ebe9f6bcf0406f51ec1360024a0baf809abfc4cfa9c8f54e2acf6545eca4a6fa |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\v_voep\5b opcyk dpcoz.jpg | 66.06 KB (67648 bytes) |
MD5:
bf95a5b5530da4c567c457a7405ebb09
SHA1: 62aa0ee530b1684ac4a3308d1a226c8a2b999a45 SHA256: 975f8a21e4602b9515be89d331d38b1155f9259adc53e09f3e47707f91236b48 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\v_voep\epxxkihhqhnuu6fk.png | 99.48 KB (101872 bytes) |
MD5:
4c7f676d50a765b1c881721991fe70a9
SHA1: ff225983c83fdeac6d24e00bc28690dd9ebc0d23 SHA256: cfecb0949cb1b424b3b14aade255d501e8960e263d3a5311e896ed045f6374ab |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\v_voep\ptut.png | 7.81 KB (8000 bytes) |
MD5:
5ff39262daafd22d49661e9bbb4937fe
SHA1: cc287a3da490d7e841759a957fdec13e4cd82e2a SHA256: 796c0c58d34b7be60b69345a52494b8f3ff6261ae18323719503e17a125350f4 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\abvgeclaklpmc\-5ln7dorug9.png | 46.25 KB (47358 bytes) |
MD5:
928d739af09a9f89057dbc12faeb53c2
SHA1: f35051ec0f0ee9850b1defa2e76b16027bb25166 SHA256: 1a1169bfb1d5c2c7dc22af9cf6bd0745973a62b94c2b415598c747335a0996a7 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\abvgeclaklpmc\f0xhzrypqok3ky78oshs.png | 46.20 KB (47307 bytes) |
MD5:
1ab1ac77b6519d6d5e64284749dcb175
SHA1: 2cabfec4627b0f99dc431fc378822716385c6030 SHA256: 00765bc7e24a8493a7d6b86414551b3ba60a33561f631a3623b61aea3c578696 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\abvgeclaklpmc\i39wbfumyp6nr8z.bmp | 91.08 KB (93263 bytes) |
MD5:
b44ff50eb8a7d805974b9d748c93fb52
SHA1: 7c511012208b5d52b8610795bc4519f2ada50ab2 SHA256: ef5a76511fdbdd3bee2f4d07fad1cf1a1a805be55af41705faa2daa9daa51996 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\abvgeclaklpmc\mazf5-.bmp | 37.14 KB (38032 bytes) |
MD5:
f0bf7f7c785877b62a459ffb5e32ebe5
SHA1: 2535230322be3bc8a95c223aed64435dfead5cc6 SHA256: 118fb7d5ede3c8190d5bb77935b2e3dd7026a03279099e7cdb00b1ff89b374c2 |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\abvgeclaklpmc\tlhdeof6pkj-_rumjy.png | 100.17 KB (102576 bytes) |
MD5:
04b3c7e69561c2888e7a5b84ab9f6d59
SHA1: e8a412c9f56fbe883167bd6ead7bfbd42fe9d44f SHA256: d87875105600cd1c0aace4d8bf777135cc51328c22b204a295090c9a68e6bb7e |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\abvgeclaklpmc\tq6halxmym.jpg | 39.80 KB (40752 bytes) |
MD5:
786713f927ab73bf30c7519cbc9a0544
SHA1: 75676b5f9d301b1e37d5c1dc2ee5e82cb9ef5045 SHA256: 4be5ad07ac1aa15652184451374b3b874826fb2d72643211aab4b92a94f8aaed |
|
|
| c:\users\ciihmnxmn6ps\pictures\9wi6gc3o9czj\6ghfbg6r\ydgp6n.jpg | 29.31 KB (30010 bytes) |
MD5:
f9684a45f6842e4b1cc3d62a8aca8d0c
SHA1: dcb6b5f5d6420e92473415630a11c074c865fb1d SHA256: d5d0e1ac0f2c1b53ffab0344f4f54556ee059759fa7e64d61a8f952daa9458a2 |
|
|
| c:\users\ciihmnxmn6ps\music\-gv6hl.mp3 | 5.81 KB (5952 bytes) |
MD5:
2c90f23fd3114719e5dbaa82caa89f90
SHA1: 250d53eaf9025c4559cdaad0b27f7ed435f1a782 SHA256: ebb0613399cc729b99177b5ebec4f245500a6e66ab9a052f92910d6937d6f691 |
|
|
| c:\users\ciihmnxmn6ps\music\a7bhmqqgp.wav | 32.09 KB (32862 bytes) |
MD5:
b0fa6eab862c042066dc38fad71cabef
SHA1: 7d348ab645d083ceed008810414fa7ef7a44e201 SHA256: 4fef77b6c8e7f4996e016a4e24c274e0000ee2e3f7efd1035b233bef8ab84ed4 |
|
|
| c:\users\ciihmnxmn6ps\music\fgplqzx t.wav | 93.08 KB (95312 bytes) |
MD5:
0c76019d1dd59733e76144c42f6bab95
SHA1: dc9544ecd70bbde7a47e1c8e0566a7cd56a77d93 SHA256: b58d31ec4f4db1e03b94ed836f0da1d41d8e7372525d6496b5ebfd8e132bafb9 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\dckf.m4a | 29.11 KB (29808 bytes) |
MD5:
b007a5506f60a4dd110bacf3020a385f
SHA1: 293f8367e9af5a7fdc6c0236488f35e37d4efe47 SHA256: 553dbc1b733af0c76ef0c3f3c7e922952243f6369c0d1ad8466168573233207e |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\dsupk7zl9jc7_qd.wav | 21.19 KB (21696 bytes) |
MD5:
e4093144803c7ad006ee5d2eae5cf5b7
SHA1: 1b5493aa25f317782189d937ad5ad82a9559a407 SHA256: 7b515183cebe5db526924ac367d388c1b837ab659c206cd5b099496a656cc2a8 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ippvcsepbfwdelc.mp3 | 70.28 KB (71968 bytes) |
MD5:
f0ea0deefa136587fc6a510b1395a251
SHA1: 368a7817564586557f049a96d4f24a32ddb462c7 SHA256: b8044b5eda6fbb828bddf30c03b8139cb8305c0d586d4b85f6e609ccc082259b |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ozuwudusfqn.m4a | 32.79 KB (33572 bytes) |
MD5:
f27d09d9b1f2a01da155b43943031bca
SHA1: bba3aabb49cc0b4117c0b02e9cbfbe2aba2928f6 SHA256: ad5581fbde71925b779c79b29baa5e2c9979765981b5bfd5a363769352d45b4e |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\vnzuuijun.m4a | 87.66 KB (89760 bytes) |
MD5:
ac7657ac37ab2dad3dede5f0bb1907d1
SHA1: e78532985ce0a17447226d5d6529395226052e9e SHA256: 7dec2fd091ed96b53bdb35ba628a2e527e75c675c448c52eb05cc1f1f8709102 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\1fc6vhdhwaiuxr.m4a | 49.75 KB (50944 bytes) |
MD5:
6357bc54149cba544428784c0433f230
SHA1: bcd5d2cae4b888848a90ca8a63b37c4c2050c095 SHA256: abdb19f2f52b16492433c58b4f3f92079aaeac3298aed2feadeaa188e07db67b |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\d0i5ilhq2cc66s_ealg.m4a | 95.12 KB (97408 bytes) |
MD5:
58feeb6c0a8d6b8c0ff50d78f28885e2
SHA1: 9cbbc6031e6808017669df470bb7a2e63f519f5f SHA256: 608c971dfc4e0319f8e435d89976c085c51bbcfe137b7b7960a0fa7c2d5897b4 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\esxi.mp3 | 80.34 KB (82270 bytes) |
MD5:
733585550054dc6ed95b4ec83420b6f0
SHA1: aee3d0171814ba4e53f0868835b27937873dc417 SHA256: 1343c6dcadfb0d04b39cf0260b68f5ab7b4dabbff0ee7c9fd5efd9b6c3932b40 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\ew3rsnw.mp3 | 47.32 KB (48455 bytes) |
MD5:
41e5deb048024ef38b94630c5223d365
SHA1: 76cb14460a77226515cac081e58ba731df533f49 SHA256: 2069c416c8c16ce33d9b02a204f4194825afec85e895221cf0cafe7e7e8655e7 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\i42jovpae6wr.m4a | 32.44 KB (33215 bytes) |
MD5:
0fb34c7d0f053d21d608b8ea277b28c9
SHA1: 90d40ce6670dce890cd09d346d68589b5b03ea9c SHA256: a6f18da0473a435fd9b31667fa1ebe8e5db1d75f7f44ce1b50a7c7bc9cfe11a0 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\k4en3jl_.m4a | 77.11 KB (78963 bytes) |
MD5:
fc490dee92d7ba28af2adb66db5aca54
SHA1: 0d53566be4a391be7fd715af4f31941e4734803c SHA256: d17ed4b8b9c6579694c17462c1f333a4e22b46a4295a3371e3574098cd62a4af |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\oc7nraysldll.mp3 | 13.47 KB (13797 bytes) |
MD5:
5d845b1ddf14fd713ba167b947d98559
SHA1: 50c9348cb4ef95a6400be8c1a87e9d15ee4c805e SHA256: 4fe8205178e31f39942f682e989f0b38661366393ee36e9dc259474709c46f13 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\605wo0ig7rv 5gkzsb.mp3 | 100.14 KB (102544 bytes) |
MD5:
92d8cb8ebee0bb258d0ff45bba2bb6b7
SHA1: db1c51175b3e42a1fd0f2adecaf54c364c036438 SHA256: b6077ff7a2a3ba47b36a1db551aaa36cb0d2e47f679429bf0550b60bd3429903 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\m1rlmk2akfhdrfd.m4a | 28.71 KB (29400 bytes) |
MD5:
a04e323349b77ad51775718d94d07295
SHA1: 5ced5c633cd764396f3a66ebb33d70580c85d05f SHA256: 3452a2c547fa86a8458aef3b7df4401e93e4881d2d4ac252d3a78997baacca2e |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\pgszj43skzy.wav | 75.50 KB (77311 bytes) |
MD5:
b00326eb8d130047caf56c0246925ae6
SHA1: 9eb3ce342b9865c336423eb839a1ae6568e87c31 SHA256: 6e315628f59f2919f8329c624e822f963db94a8c92a5316a6509b5922ec13ce0 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\yx7ef.m4a | 79.60 KB (81512 bytes) |
MD5:
8d82a8ffae788d669b9ddcb04b39e04b
SHA1: c24f5f84cf5b6027643abdb0b74cd3285f2c3507 SHA256: addfb6544509b015e79c673160ee3a6a393fe52ed68c442f13f37c7d811a1339 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\tcotoe4f9fr69v\lce5uuov6td.m4a | 65.59 KB (67168 bytes) |
MD5:
21afe0d57dab129e4eeb2e0f8e9e09dc
SHA1: b2ae5640ce2ca2aa9d3cba017b0dba6fa76da4a1 SHA256: 7b699621de7ead27680c2377132ad87d45f5d012aefddf3e1d5c8047f5bfa917 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\tcotoe4f9fr69v\vapnw9bykw_hbbp.mp3 | 33.61 KB (34416 bytes) |
MD5:
aaafcd348ec71e590e2674469356ab02
SHA1: 259d3d85b41f3dffbd7a4ce1fdc551d2e574bc05 SHA256: 91469c74b9970b2e4165a35e9ffcaefd5436e46e62aae2f9cd28239595240a08 |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\xuefhwntl3mf5omdlbh2\tcotoe4f9fr69v\x9tnf17hn1x0_ekcrc.mp3 | 28.24 KB (28919 bytes) |
MD5:
4b8778a5461ddfcf01ea1ffa74ea30da
SHA1: 3e638590c658fe9271f7477afe57ac074206fc65 SHA256: 16cbb794377ac9e0e71a9f831909d91f264fbd8422c7bcec1abbf2eaea76f31d |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\tfeyyxaopweg\jfdazs.mp3 | 5.50 KB (5632 bytes) |
MD5:
bc1906627c022794f5083fa1e9d4e445
SHA1: ef5af09875614c367f09e0dc4e64ba5f42b108a5 SHA256: 535dc7348f9508a832322bae74043c27fd59e5a4599414213f0b8a2cc3b8bcbe |
|
|
| c:\users\ciihmnxmn6ps\music\zopz\ia1 8yogktf96\tfeyyxaopweg\pm7otm.m4a | 14.89 KB (15248 bytes) |
MD5:
0742e8a807ed2e32afa17686ec6dc692
SHA1: 374f1e1b03d2823d1ff6ed9b88bc358e4fb4ffe1 SHA256: e9bb179e71217f4746c63941d9a67f59bbe38ce7de4a4915e5e85698f1713001 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\e 0yavcuvr4xtgj0s.m4a | 62.65 KB (64152 bytes) |
MD5:
6f6e2ecf0db7360f0afa5728831559b0
SHA1: 78712f3c9015a24e34501d4c8ae43ee5d8c8e0eb SHA256: 45c7f50ca9507476362466b3479653a594b24af40b6f24a50c80f8c6ba341e36 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\i30gioixb.mp3 | 60.54 KB (61997 bytes) |
MD5:
c9bb8b82d67c18188946bcede0643e96
SHA1: 4f6d8b6496fa017b30da91e5458de9793087710a SHA256: 153ddd4d181120b7dd545a44dad7dd2c4be1cff9c5889dd29b13db6e55e12aff |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\ikm7 z01-mol8cw-v67.mp3 | 61.00 KB (62468 bytes) |
MD5:
ab1d36c557cd637ebc23b477c76d6c1a
SHA1: 86233756e704378370f81a345f646e9ff955ea88 SHA256: aac3772f64ce5e546a77ed492e4ac3ed20ffb62400871d1c062f40ed6d2c5f82 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\mrwbv.wav | 42.81 KB (43842 bytes) |
MD5:
427a283595977e77ae73ff64ca7f54fb
SHA1: b201e0f59f05cdaae03c84ec51a47080c5e0084c SHA256: 3d30b015795eb0cfeb5d510679701fa0ba997a347999d9fc535f83e38d3914c6 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\ppqizb7pszmep.m4a | 50.16 KB (51360 bytes) |
MD5:
3a3a2f0cf688051867da1a102a06bf4c
SHA1: e558e3eefb5a2fe5b3ba3aa19ed33f932b3fd77c SHA256: 8b24602303558287d88743d316d682a4638f2f25f6ba91ba7eba107f102b7675 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\vm4enrsiqigsp.m4a | 67.42 KB (69040 bytes) |
MD5:
0bae79acdbfa8768050dd71671578cd6
SHA1: e493c273c9500815c8a7cbe630507bc38e30b639 SHA256: b3aa9d9dfd8b5b072e3b35068e58a2853b4fa93d2c1797b6bc8567ab1344f63b |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\hqhonebzzq6vve\9qybl5jzyjkpk.mp3 | 94.48 KB (96752 bytes) |
MD5:
36ec66301c50b899fb4f26e0d6e0096d
SHA1: 307327956ec1124c4a945ad175779eb637d7bd58 SHA256: 6c313dd4858f47d61d0a618aebf65e98c2a06d649ba347f282bce38cbc282f31 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\hqhonebzzq6vve\boyhfub.m4a | 89.81 KB (91962 bytes) |
MD5:
fcc60f00f0c916574574f596403c98a2
SHA1: 07666e5cb6475230aef594bb9c3993a3d0117471 SHA256: 387ed2ea2731052e631ef943a0d609ad3b346a1865fe6a877131db0bc91ed1c3 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\hqhonebzzq6vve\cm_emr.mp3 | 60.42 KB (61871 bytes) |
MD5:
da1f34ad32348d864a69f3f26fd74705
SHA1: cc5a7e3f8c17d2a7dacd3624d82b40ac2f894ac9 SHA256: f145082df5097586bb5dd25e14a361d621d77bd14c4e174c7e5bb8c99aa39f8e |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\hqhonebzzq6vve\mzvj-71fzcsc6i.m4a | 25.04 KB (25645 bytes) |
MD5:
f68b9e595fa1d2cfe074d3329b315ecd
SHA1: 04de33073d4f6bd653be579c0d3a019b28d3296d SHA256: 3bf2e46f349980e193421664cf4d4accfe28c49e48ef596653ef89fc868b9da6 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\hqhonebzzq6vve\sjwerqq.wav | 40.16 KB (41120 bytes) |
MD5:
14d4489a821158afbfa5116dc33aae69
SHA1: 7349f59264588f812d16dc0e2397b085c93f9325 SHA256: dfda495f4b70c219bee2b8b857e1c9e64e45908b33cc5fb6d709119151b986c1 |
|
|
| c:\users\ciihmnxmn6ps\music\wra9f7\hqhonebzzq6vve\tnvqh.wav | 49.55 KB (50736 bytes) |
MD5:
c63fb19280568181cd7e597a7a843798
SHA1: 9ee6383f3e92cd745049320943b92e561e6b8d7a SHA256: cae05315fcc1cdc50661b05daff39e3747ab024a6781abf2243405faf1a100aa |
|
|
| c:\users\ciihmnxmn6ps\links\desktop.ini | 1.42 KB (1456 bytes) |
MD5:
2dd61f65d7d549f0564ae374b7bdc10d
SHA1: a7d6c597f67bedbce0b7d4843a274574e9f14ebe SHA256: 4a5b08ec17f9054b0cbb823f51431fc0ee45bcd530e1ede13945052efce215af |
|
|
| c:\users\ciihmnxmn6ps\links\desktop.lnk | 1.44 KB (1472 bytes) |
MD5:
3effda9243388de22d1e73b186f14b2f
SHA1: 78a35bb209ef9c18c5ece7ab4a5ad5781af10778 SHA256: 7bec962c747e54009967b6bd6455e40f6829ffa9a22ceccce2ba579de2653e83 |
|
|
| c:\users\ciihmnxmn6ps\links\downloads.lnk | 1.88 KB (1920 bytes) |
MD5:
e46c1d25aa5c77c12544f777a3ad0719
SHA1: 4ad79b7925cafafd4a800e09153f86bedbfbe8a4 SHA256: 453a1c16eb3ae9f01e75204f4b3083732bd08300dc300d82c639ab28d2489c9a |
|
|
| c:\users\ciihmnxmn6ps\links\onedrive.lnk | 1.95 KB (2000 bytes) |
MD5:
ac1a60a4a24598311023a14e20d6bbc2
SHA1: 16c74278447505ba6d7f7015a7eb983f813f4c9a SHA256: a19711d62c877ad3ad615a4fb309515593f5bb480949debdf070a8dd1158a4b2 |
|
|
| c:\users\ciihmnxmn6ps\favorites\bing.url | 1.12 KB (1152 bytes) |
MD5:
c502ca9fdbec3f60dc8b4a0f8c82f0c3
SHA1: 407b56722ef60f05c5edd7297278b223320f836e SHA256: e3b8f17d1280c97b6e041d95854da3772509c5a9883d7a9f1bcf3acc8bb279c9 |
|
|
| c:\users\ciihmnxmn6ps\favorites\desktop.ini | 1.33 KB (1360 bytes) |
MD5:
8e72f402d6f32a2eb8b40ef2bf09d134
SHA1: 4997f213a0a8f74565d3d4a6411ee74ed5d370d5 SHA256: 4f7b953408cc9936a382ff90102cbc50db2625cab0d8d017a81caa4b8132ecb5 |
|
|
| c:\users\ciihmnxmn6ps\favorites\links\desktop.ini | 1.00 KB (1024 bytes) |
MD5:
e4dd0769eed2ff53c7a6d53383848aec
SHA1: ab6991ca91766ffa6a1c1c85d373eb2ba58b687c SHA256: 72a735d2fd20e5eb2909a8a433c0e3155452df4ea83b7c9dc43775144053c7b5 |
|
|
| c:\users\ciihmnxmn6ps\downloads\chromesetup.exe | 1.08 MB (1131272 bytes) |
MD5:
d799fa9f1655f95dc9be3bd1830e630c
SHA1: a2efedfc9abdf934a0703583b1e602843e2ad95d SHA256: a997604d3eba8e39c9f26b46448adcf9ca5ec53fcafb6328a733acaa3f069bf3 |
|
|
| c:\users\ciihmnxmn6ps\documents\5lfe4lx.pptx | 89.97 KB (92133 bytes) |
MD5:
8ae6ba7e2cef64e1b83d905ef8a359d1
SHA1: 3e0290cf998e9438a8fdc1d728853baf249855d5 SHA256: 3319a6208bce5f2ffb77ced09c10b7f946b6ca496ebc1f1ca383d1da45309173 |
|
|
| c:\users\ciihmnxmn6ps\documents\atcbua--7ps9_ex5yf.xlsx | 25.82 KB (26440 bytes) |
MD5:
bb2b28d3d9425e23ace84a09fac7df48
SHA1: fe0682c1a4d8d9f3a4e42ba6b9cbc3d8fc5e3d81 SHA256: 128d71c93597a29a31d5c6e0b34302de049a6b8946013e5a8eaf11dc0ebd6159 |
|
|
| c:\users\ciihmnxmn6ps\documents\blbtlle6nvl7pn1.ots | 58.38 KB (59783 bytes) |
MD5:
e0ca48aa6b416a728272cb8532669d77
SHA1: 179cf3e5b3ff62e80bfa8e04da3cbbfb36008987 SHA256: a205e4456ed8fc355a9c921561d0ba86572f7b2a97b437f56d28bb09fdcc1cdd |
|
|
| c:\users\ciihmnxmn6ps\documents\em9gxmq2lkv8zfra.docx | 54.12 KB (55424 bytes) |
MD5:
d6c0aecc35c6752044fc0a3f358c4438
SHA1: 9f7f60ae8a6b76f239c49538aa2861b54decd2e8 SHA256: 629221550960a4923ccad59511006ceacc33207ff3ae1ad3a325b5b7491d1a7d |
|
|
| c:\users\ciihmnxmn6ps\documents\ihzco2.pptx | 91.09 KB (93272 bytes) |
MD5:
38829e481348405ceb8c56ea6afafcbc
SHA1: 39927f5aa90216eb773e0c6e75e302b758a972b8 SHA256: adaa6d74ea28423855e6e7692b6e3f8e017d8a8e927b9ac2a1267bf01db3f422 |
|
|
| c:\users\ciihmnxmn6ps\documents\j0-1vw5m.xlsx | 40.03 KB (40992 bytes) |
MD5:
bb3004b11d168b4a36362ab8dac001e3
SHA1: 875b442fdc757c1aa6aeb27a313e6fc39057745b SHA256: 928ba3e229fb49221ffc5776bef2dbeef69868e8e47cbdbd142a06ac1e622b66 |
|
|
| c:\users\ciihmnxmn6ps\documents\k3dcza0zgh0l2.pptx | 68.06 KB (69696 bytes) |
MD5:
bdd35099b5733ef0f88a0ef16d548022
SHA1: 5adbfab896b3022888b98fc88fba17090f2f3711 SHA256: aa91542cbf44a112c3ca34b229643b425702ac2fd7e393f38673b258ee01b17c |
|
|
| c:\users\ciihmnxmn6ps\documents\kfqf_.docx | 100.70 KB (103120 bytes) |
MD5:
f62e0d8e2121eba5a7eba2c4295d5119
SHA1: e05607a0e937a02d31306827ad5146115f0c08f1 SHA256: 18395014b6110b19aa83fd46ebfcb68071f3b217135cce3a1369cb17e980845a |
|
|
| c:\users\ciihmnxmn6ps\documents\lmdzhf4zvs-.pps | 69.42 KB (71088 bytes) |
MD5:
c313df2430b95bccf035b45e8b914d7c
SHA1: 06a99fd7f41b10a48adeeab576bdb8f600b3f26c SHA256: ab9a7e09e71451e51982810687069d152bc87cdf15a878a0f3e2bf715cd22491 |
|
|
| c:\users\ciihmnxmn6ps\documents\m_9esbnarkheuqxe.docx | 41.31 KB (42297 bytes) |
MD5:
271ee1a8f66413cc5cbdc13ee9a38eb3
SHA1: b0ac972721872d2bdad0d08c5c42987ad6c54d5e SHA256: 0007103666a7d2d5ad561fe7672a402e3057fdc335683721e9d41cc2c8f4d703 |
|
|
| c:\users\ciihmnxmn6ps\documents\n3kedft.pptx | 47.44 KB (48582 bytes) |
MD5:
4e89acc7705a2c247531cfb38cc959ad
SHA1: 364294d210db5d175c90bccc29115097075c7810 SHA256: 654f3b03bb659e77075ec644c0550db81dfe36b8c5b5dac184ac1aaff79b7468 |
|
|
| c:\users\ciihmnxmn6ps\documents\oev elnpibhwxetbc4x.doc | 23.42 KB (23984 bytes) |
MD5:
43a109cbad2a998a80bb3859c38d63e5
SHA1: 20e6954a2f3b7b21ccdd95abfba6253d4962ca80 SHA256: 97831cd49259321394e24360862bef0b4ed701f8f68bf17eaa16311fa28e0046 |
|
|
| c:\users\ciihmnxmn6ps\documents\ox bq4vkxjpjqad.xlsx | 19.19 KB (19648 bytes) |
MD5:
2adb27e44099ee6d25e57e76a8a47620
SHA1: 16b0110bfec3748471ff0a9af02bc1e3feaa945a SHA256: 7c8c94ea900cb780b1e86f4f4c98123563be7ab7fdcdf3ba44917a1cf7df82e0 |
|
|
| c:\users\ciihmnxmn6ps\documents\t zqsdpu2iujxle-.pptx | 11.06 KB (11326 bytes) |
MD5:
f4a581445f7aa9a08a908eb3435d3bc1
SHA1: 2125df9acfb366e05b4eac0df7544885b45e2055 SHA256: 3e65b92de3ec19e33ba27854b4d525590f0783787d100e075a46fd0fe903584c |
|
|
| c:\users\ciihmnxmn6ps\documents\t-k5sgwmj3 mpb9ky.pps | 28.89 KB (29587 bytes) |
MD5:
5ed82021669a29cfaff651ff2eb994b7
SHA1: 7d84cd164ca658ec1ffa8e0076a05e0d90834840 SHA256: f399c4c10846ff3acee01c2f1245171d52644c60e3d36288fb23c194a4290c56 |
|
|
| c:\users\ciihmnxmn6ps\documents\utm7gxl.docx | 3.12 KB (3200 bytes) |
MD5:
c5f37bb31bf82d434c4f160447302c2f
SHA1: 2f34d66c058d9695961bdff0b84bbe82f08a04d1 SHA256: 73f5a5be792c8bc6482290898c5650bb8b919d016a0d77c1fb8825e6a179805f |
|
|
| c:\users\ciihmnxmn6ps\documents\uwnmvsu.xlsx | 42.43 KB (43452 bytes) |
MD5:
0aadbe0252995e204ad2923b0f16f804
SHA1: c13664a4c2005697da822c62e112cbdf606be53c SHA256: c255a6b0b9b59d2ee5ba0049086a146cbb803feaa1ebb19c0da0c4d768d3e355 |
|
|
| c:\users\ciihmnxmn6ps\documents\v5i14i.docx | 86.62 KB (88704 bytes) |
MD5:
3cde757e4ac9b478f2008278635e5fa0
SHA1: b3504351bcf95644560fb6e085fe6daec668d7af SHA256: 9e3dbf4855f172b589e18a4199a4453238f4ca2a24e57c2ea3259b8eb5c3dc43 |
|
|
| c:\users\ciihmnxmn6ps\documents\vcavi.xlsx | 30.66 KB (31395 bytes) |
MD5:
6238bb78be1339b9b84d1d7269bc154e
SHA1: 801fdc717f4d616a34639ed2c53c6304313d39ce SHA256: 5f57480f45195ff6f9b47fe359af826bbf874a773dc501c9680dea69016e1f3a |
|
|
| c:\users\ciihmnxmn6ps\documents\xci5tni.rtf | 55.25 KB (56576 bytes) |
MD5:
0bde91f0221a2b4ad9a3b70bde3b8210
SHA1: 4bfe1825d7b1d75e7cdc9806eabd5e4b392b72ac SHA256: 007070b5fc331849f1bd6e0a7db59103032bcd88b605469deaeb78da74cadc04 |
|
|
| c:\users\ciihmnxmn6ps\documents\zyrasy.xlsx | 76.01 KB (77830 bytes) |
MD5:
fef54df67c6fdf75b7060d5f49e2b8d3
SHA1: e0a22e6515fff108263aec290c8f0c0eca772fdb SHA256: 29843e2e80655534d29fb410f4a68e457e872d90f7b0ecb57869cb4581a3b89a |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\1oyb.pptx | 71.81 KB (73536 bytes) |
MD5:
c9a73b53db9df683fd0ccddd73677e5c
SHA1: da0d71891879f9d1119585929f6a3e70d89cf327 SHA256: 989136495493a8503b90b7bcabc84485d3bf28223aa3cbb0d8b21a124af376c2 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\5fs 9 uvpa.doc | 23.00 KB (23552 bytes) |
MD5:
80a43a0cd95e74917ab9b95c595aa51d
SHA1: f15fa83391c035ed7147af2d644933297b423dba SHA256: 898e7ae080088de473abc7489ae11cbd154c1ab65299c331e5053cd0bbbfeb06 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\l1ep-e2o7byfuic0.csv | 42.50 KB (43516 bytes) |
MD5:
eddf88a74f8c1e38e81b2d39d0fb7287
SHA1: 768dd32ba36737944d5ace6bfb5af83707c56eab SHA256: 40898d186753f8d7e6023c96570a22e1444f1a124f762f4c07ca2aa64b928e99 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\qf 8oxk89nl1yrk6.rtf | 88.19 KB (90304 bytes) |
MD5:
05a2747411805d61007a585241022ba1
SHA1: 585383376b2364edc3995107f438512f3884efca SHA256: 6c3129a81a26f0d276a764ed3c7fbaace8ce847eded077b8516803c60e66052f |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\18wqha51.odp | 32.66 KB (33442 bytes) |
MD5:
ed686da5f988824371258451d3ddb018
SHA1: 00704182211c992a1248d141d56478cafa7132ff SHA256: 019368379f17cc4936c49d82ce42e559cd289d8c6510f3da1543e20244290801 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\d91n0zq.odp | 73.56 KB (75325 bytes) |
MD5:
c44fb790a903e179e9e7e99ab84bc1e8
SHA1: 6b9c157cb058922272eb22c3c5602c1d94785b56 SHA256: aea9d1b73f8f83a8f2bb9c909c6033078ec0b5c189622f19df8d03ae341538e5 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\snyjwdmydf6ncuaoqltl.xls | 6.95 KB (7120 bytes) |
MD5:
b2f5778eaa82936b9880b13b6cc13da3
SHA1: 8a6973f5df8e4150a945138e774d8d12fbfc681f SHA256: c733222b99882a60e133f39aef7cbef6374e93533ad12ef791f6dc558db83185 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\wryiecxnl.ods | 41.70 KB (42698 bytes) |
MD5:
45eaac4bc88b05e200b38b08360ac8fa
SHA1: 21907f66018c1e00fbdeae8dbbbe08e8312e1128 SHA256: 7e32f2864e64a33eb337e4bca656e4b81d6115d7e3984cf1cf70a78cb007c786 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\xctuw.xlsx | 52.00 KB (53248 bytes) |
MD5:
a099b07894d23f259de01bcd81532ab3
SHA1: 35aeab669ec14f35f86cc273f380a4b618822039 SHA256: a638b3b671899fc0c2a422c3f662045bdaaf1269138b1b16ffe4dad39a6eba8a |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\xie6iniolr04edgffg.odp | 81.62 KB (83584 bytes) |
MD5:
ce5622667042406ce58a90565531f08b
SHA1: 72322e6a97eca15e148203c98b50e7d095a37f12 SHA256: 60d63174500f7fab9f0922dc5f2a82091e05ee312f4d75e5aabffa5ad2640f80 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\y1x8zqxci645d\kfmszdl4nvsi2cz.docx | 68.45 KB (70096 bytes) |
MD5:
5139f918139be5599211e4c712f07bdd
SHA1: 2cce857577dcaa1d2fdae120468c3eb588ebd3c8 SHA256: 5b4d1b02dae55d427fd7ecd2cb5df99d767fe36058c6b567e33994088a3ef535 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\y1x8zqxci645d\wgy2yqxdku.pdf | 33.89 KB (34704 bytes) |
MD5:
326f7cbebd98a3b18f99a43a7db7b05a
SHA1: 4c3768d54fb47063f1c1755c70088160d0e244d9 SHA256: 7f71b00cb45357d55d27f6d2b94aebfdfce3f35dee287a8adcddb17c5ffa02b8 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\y1x8zqxci645d\wi8f0q5o.xls | 8.44 KB (8640 bytes) |
MD5:
d5997333bcd42432169bfcaee29512f0
SHA1: 9f4a43f439980be525e48c9fbff55fc7edabc093 SHA256: bb2fe0b0822c2002b2ce57819b375c0f52cd68d7979d002272f227af7ae8b6dd |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\y1x8zqxci645d\x5iffemyr.odp | 27.87 KB (28543 bytes) |
MD5:
9de86a69a5cc92864320d842ac329aaf
SHA1: 5b29d9da543911b9f24bd5d241b1d8c9a9bd80fa SHA256: ef0c4f7b3790b7af48fb54d9c088e8ad78ffff7a37de5d6deb49ec19b589016a |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\y1x8zqxci645d\xy sr4g.pptx | 84.81 KB (86848 bytes) |
MD5:
128767fe14a9907085fd57f6c937cfc0
SHA1: 1df958b17a5b9763fb698187cafec716ab9b1d79 SHA256: 134129fe83705338601df589940d84ae9218a1a75fc2d0c578408ae9748acf64 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\y1x8zqxci645d\yb mn0zdv.pptx | 93.93 KB (96185 bytes) |
MD5:
b2749671c660f1646c5037ec51a8bf90
SHA1: 92ca8270f596b9429482882370e3c4253fe257eb SHA256: 7e14be90109155ea24e755540485f426e893954710baf6285b5eef9e63d992aa |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\5walp3bl2rwl-yo.xls | 83.88 KB (85888 bytes) |
MD5:
d53936a9eec3f561e3ebfa9c778c4334
SHA1: c1fb7eafa9413c5aa69d844b7892796f8dd0b842 SHA256: 3bf122ad6abeb26c19b9333ce3411ba51ef96d24d141e8128a338de4056f0377 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\oidz6lcgnvxgf5.csv | 41.22 KB (42211 bytes) |
MD5:
955e310b305a7e8202364c651d7e75b8
SHA1: 40ba7d618b16398d69675848db8f3c9e374096d8 SHA256: e2a8916d0118c0fd8d54cedd715ab3af840515aad7a60473574cde18de86d475 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\opt7hcn-3pa.xls | 23.72 KB (24288 bytes) |
MD5:
3e51be8ba7c141dd85be275ce5cccbc3
SHA1: 1a6c72464834014a881501cd2dbc1f20e346a240 SHA256: 13ffcb9e9f4301353a8f50af6bf4af1778c1a07562de78044a4cc394802c10e5 |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\psmh09ma0h6sf.ots | 43.06 KB (44093 bytes) |
MD5:
aeb0d0c152fd93185711103144ab979e
SHA1: 4d59939d7abe3f0b9accde8a972a1dd8f7f9aa0e SHA256: 8a2ecaea0995acdefa73abf55121aa89cd6fde12362cda4928e57169714ec8fe |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\st0nfhr7kld7u.doc | 2.52 KB (2576 bytes) |
MD5:
41d2932154f84eaf3cab87bf7a31cfcb
SHA1: f232156e9c35549d716910003fb608ba57e44ed2 SHA256: ccb1380350d1cf11b606f4fad048837386749aec598121b9710c4c3b2840568f |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\ud56yevtc_mgvyoy1e.pptx | 26.22 KB (26845 bytes) |
MD5:
f32acbff1d55d75ff859ac340b6514be
SHA1: 62a2d45b559f9b7a60926a8a99f5633e12c48081 SHA256: a5cac3c6ff0c64690a3b2239090494e30083a5b42f838f22f8390f38e6727e2b |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\vatb.csv | 15.58 KB (15953 bytes) |
MD5:
55c6a2205364cf393b393ce3fe80297c
SHA1: 6d0056a644b354efae9424f01dab3fa33355f9ab SHA256: 1e53ab22d9ffb9afb5d3fc4935107c830caf2129bd7141be820c982e2e09ad8d |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\yfdwehymeqvc.rtf | 44.99 KB (46066 bytes) |
MD5:
e4ca725480de99538747656fb243f6a0
SHA1: 40d49f0e6ae4a03c3e8f31d5505cf786932996a8 SHA256: 68e7cd45719d00a84ec4845337ab3f9fcfcec5386664c0d2426d907061bb53ca |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\wcamw\3qzjcog3a.ods | 18.19 KB (18624 bytes) |
MD5:
ed3f754e5eca0ffa477f9b6e2ed592f9
SHA1: 54c390f584ef73b4f678bee834c8ccea0bb1dbea SHA256: 799f2ab2e477efd4b00f4a8c932f2f3d7ef50c86ed5a5f7a5750f3c5ad9d1b2c |
|
|
| c:\users\ciihmnxmn6ps\documents\ttwps\pkpwidd38h0\4ldoz2w50h\wcamw\hfvups2ina_-bdqv8.rtf | 85.77 KB (87824 bytes) |
MD5:
c0ccae55766c814555f970daad435d74
SHA1: 2510608c7e28d38e78465b8c4a48d886b2ae3482 SHA256: e2ba19b9bb407881b43899599adb1368bae5d8f7f748fc95c14196731a0bde1d |
|
|
| c:\users\ciihmnxmn6ps\documents\outlook files\lcfkj@kiekc.df.pst | 265.92 KB (272304 bytes) |
MD5:
1e22fc77e5bc9612f67bf185dfc04a15
SHA1: 5790d282e5fd089b445970b5715e31f15667ad03 SHA256: 05179a8e28d115d9421190660a0216a83e68ea9f1c07cade8af59e39d4194a65 |
|
|
| c:\users\ciihmnxmn6ps\documents\onenote notebooks\my notebook\open notebook.onetoc2 | 6.97 KB (7136 bytes) |
MD5:
9aa8a9f23804a3ec80fa871475dbfbdb
SHA1: 7f9ead291dd9cb8ee524c82c4e30c3ae15d829b7 SHA256: 77b4c0d5077e25a7a3704e7f90b30af7bc246962689b4730457875e3ddcd0973 |
|
|
| c:\users\ciihmnxmn6ps\documents\onenote notebooks\my notebook\quick notes.one | 352.62 KB (361080 bytes) |
MD5:
a41e1e20c8bde5fea292e8b65d41986f
SHA1: d7617d18bc4c5dfc5e3aa2e8d8261bbe0d756134 SHA256: 5c7795ed04090e95cd8e455955db8738e4a2124bbc17544de863e0899051698d |
|
|
| c:\users\ciihmnxmn6ps\documents\my shapes\desktop.ini | 1.14 KB (1168 bytes) |
MD5:
b7ba30f52e6052a678f9b39e7f965d17
SHA1: f8efb0bfbdbc55f85ac8c41a76888c1ffcb833c7 SHA256: 4fb0d86f57dc9ce54ad774b2f8d42292f226f3af462a56b2a8ad6bb0dd670c53 |
|
|
| c:\users\ciihmnxmn6ps\documents\my shapes\favorites.vssx | 0.88 KB (896 bytes) |
MD5:
cda824c35f96337a7cb8425128ed2d4b
SHA1: badf397a72453babf239c0267ad39e720bf46cee SHA256: 8d3a4ffc3876de9ca4403f6ea9d263f5a93ff83e83cb5c065909528f05756d2e |
|
|
| c:\users\ciihmnxmn6ps\documents\my shapes\_private\folder.ico | 30.15 KB (30870 bytes) |
MD5:
41c4d389a921cbb64521e10a5078c10c
SHA1: 5cfba21a4bc52a1fc56b8ce92cd554861da3aaa1 SHA256: 1a8c01876d88f34dbbe6d6594057c12893ef188f4cc1066f17876d3096639495 |
|
|
| c:\users\ciihmnxmn6ps\documents\2xncn\grki.docx | 52.30 KB (53552 bytes) |
MD5:
1b0174959cdf1c95e7302f7f642aab37
SHA1: 8326e7835c750b9f5db47e5d2a22f2b050e8a85b SHA256: 62aae11d86e50f8dbcaf9093247519aa18272dafdadefc36b8d3d505bf7e27d8 |
|
|
| c:\users\ciihmnxmn6ps\documents\2xncn\kt33n_.ppt | 10.72 KB (10980 bytes) |
MD5:
85052940c01ef0d3c9c27f50d59a6baa
SHA1: 443ce008650116e5f5b2e46405f9012112a7d464 SHA256: 0d9ccdc0d2312b2fdd4acd1ab28f1d539aa6a799eb470984fb4c494d62fae004 |
|
|
| c:\users\ciihmnxmn6ps\documents\2xncn\ucq2jjz35.xlsx | 84.36 KB (86384 bytes) |
MD5:
e0ad9b054b207ded2770a5b538452a0f
SHA1: bb17fdf10902f89c0e50402243b81c5725f9f202 SHA256: 67199ddf4dbd100f8a710b2ca6a95eb7fbca95e9bdbc37a8431bf3e34d71b3d3 |
|
|
| c:\users\ciihmnxmn6ps\documents\2xncn\vvbl5czqczhto.pptx | 50.64 KB (51856 bytes) |
MD5:
4eaad822e259b13761f077f604889d85
SHA1: 1c0d13aac0f75b3bb076003af17e3d0d056bf25c SHA256: d2a6a09d8be9a40d4256ef12a37ffe01f5979ab403d6464058a38a4388e371be |
|
|
| c:\users\ciihmnxmn6ps\desktop\1ilkjyrgg.ots | 46.58 KB (47702 bytes) |
MD5:
1696b50b454109c22f7c62c0714fbb92
SHA1: 7152dfea0d70b3bc0aae98d0117878b3bfb4e189 SHA256: a762cb70e2691cca2658d174de64f6c2188bc17fe2a3fe7e1e989606aa5b17d5 |
|
|
| c:\users\ciihmnxmn6ps\desktop\23i5acjuyspml.m4a | 78.79 KB (80678 bytes) |
MD5:
1049d6cfe5fcc37f7e557a255cec377d
SHA1: 3625354724d3a06c839371ed15d5f8af54be7078 SHA256: 790f1d58144a7dc5b4d191b921fcee9bc029dfaf79a368f6fcd7e3950982414d |
|
|
| c:\users\ciihmnxmn6ps\desktop\34vihcjptwsy126cu6r.jpg | 82.52 KB (84496 bytes) |
MD5:
1a8c1766f2707c2f0973a80b3531f419
SHA1: 39d8ad9b912c520658a91b194d6ce7ccaf7b937c SHA256: 05b299956ca9ed1ccad20469151cde9c1e811cdaef4d01ac71f8e0fc830e885a |
|
|
| c:\users\ciihmnxmn6ps\desktop\5aymmplf.mp3 | 73.84 KB (75615 bytes) |
MD5:
0aadc6941fef5e387cee1db92622d22e
SHA1: 8422a1e0d87c962ea7138611920d7218bb68e29a SHA256: 9e6a6d4489b2489ff45ac6c29993382955159ed43c4ebf69f5fc00632376c183 |
|
|
| c:\users\ciihmnxmn6ps\desktop\7uelr6 ahnxhpqmpu.flv | 9.52 KB (9750 bytes) |
MD5:
28ba4169da6d69a97930ba2edd8c6ef2
SHA1: 010b5042c14e40944d38329a95fe24793bbe3989 SHA256: 29fc657349085667f690d1aa6b761fe060ff1765abc96f66f9e6e65bab12b1e1 |
|
|
| c:\users\ciihmnxmn6ps\desktop\9j9hsv0agjq5p.mp4 | 94.14 KB (96403 bytes) |
MD5:
0a88f39f142d19070c62bb3853c9fb88
SHA1: 18dec2ee645b8558ff53f9a56a80d60b06d62fb2 SHA256: dd478094357324673e879840eb21a008ee218b69107c7c097d4621f4a96e5506 |
|
|
| c:\users\ciihmnxmn6ps\desktop\af0cjnijiae7zpu.swf | 3.83 KB (3920 bytes) |
MD5:
263e21ad09c330f8518cc491c7000f95
SHA1: bbcf9e81f3a1ab303224edd160f1fe05682cbeb5 SHA256: d7426fd57e5734570dd1a6b424bdb25827ac84f0fe8376784a6ff877a90a13d6 |
|
|
| c:\users\ciihmnxmn6ps\desktop\bwjej4q.gif | 7.00 KB (7168 bytes) |
MD5:
7413754f9c6e16e9dfc044f6de3b6823
SHA1: 5edba77834febc437f81c74a3d27ad01633153be SHA256: ffc5b02b3b793cb97fa3ed455c0faf5829231dc62b3a284055ad53544ee19868 |
|
|
| c:\users\ciihmnxmn6ps\desktop\cfrs5lie-afnl_qf.jpg | 14.34 KB (14686 bytes) |
MD5:
bb7a682d9063e54fbc7c03db7a99ff4f
SHA1: 0b8d12fcd3c43aed1253a41eb901d2ae794be112 SHA256: c4805b3ab365557436f3cafafe18685652e5849cd7f4f18a145f84b42d894087 |
|
|
| c:\users\ciihmnxmn6ps\desktop\cp_i6vwpeagucdb9vyn0.pdf | 62.21 KB (63704 bytes) |
MD5:
5cfbabe8dde1f2fd154410b802dd7b34
SHA1: ced769de411494a779b2b2343cd9f4b79680e3a9 SHA256: 93999ffd16aafbc136d3e430b5bec7fc0a67f521b0bd5ae4ef00e6317d28f56e |
|
|
| c:\users\ciihmnxmn6ps\desktop\cr1v23mrj a0x.m4a | 2.20 KB (2256 bytes) |
MD5:
353e22f480804d868ba20aa5ac199d8b
SHA1: 06e8d8c2ffba635b70c747c95c456e3cadf25f62 SHA256: 667d72304a80383477cc66d3cd1415043e689a10be09a88a652e2ab78b14f6c2 |
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\Public\AE09C984DF6E74640B3271EADB5DD7C65FDE806235B2CDA478E0EFA9129C09E7 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\BOOTNXT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\hiberfil.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\pagefile.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\swapfile.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Videos\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Videos\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Music\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Music\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Libraries\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Libraries\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Libraries\RecordedTV.library-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Downloads\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Downloads\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Documents\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Documents\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Desktop\Acrobat Reader DC.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Desktop\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Desktop\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Desktop\Google Chrome.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Desktop\Mozilla Firefox.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\AccountPictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\AccountPictures\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\ntuser.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\ntuser.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\ntuser.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\E2waSdX2n_.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\iBTwm8.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\NY17G87uN.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\P1l10Vzx4hd3-C.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\U8xibbuO9vCag.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cpcCB0B.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\pglUhoTAS6kwMMFsDl.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\6e5-HpMrbS.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\6gwG.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\gxfzekk51.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\lI6eAu1sqq2.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\P17XSZAU6p5neX19v.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\qopWQzK.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\u-MJrV.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\wyRSSbqc98w\JNgBvbxt2TE.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\wyRSSbqc98w\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\wyRSSbqc98w\XfNky9jsklLvnZzA0q7K.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\cn620-GsIa4nYYYCofJ5.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\tt_X88h6 PABCl7r-.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\z5nYgQLxCnl5CC-.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\j-xye\4tNMmqDfQUCo23LOg.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\j-xye\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\j-xye\9JZc.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\j-xye\fWOL9DBWif.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\j-xye\O8eEM2rfs_MY3eq9rG.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\j-xye\s0d9d09EsgnYM8FvdWh.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\dINDjPM.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\GppAg7bkp9yD0gqXY.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\gX_wpIDL1D.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\nXLOUPBUSENPl3p-\WnVoa3g9JP.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\nXLOUPBUSENPl3p-\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\8kLT4Ds_WbYAiWWTJ\29fvAWN e8KITEzwwn.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\8kLT4Ds_WbYAiWWTJ\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\8kLT4Ds_WbYAiWWTJ\a6mtdOtp8JU.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\8kLT4Ds_WbYAiWWTJ\eZSH9_U.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\8kLT4Ds_WbYAiWWTJ\WALJYrB.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\AUvU5OO_3GglwZKK.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\kMLEB81EE9b5N1X.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\nMnO7w-y-y.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\AJr9qN-J2iQXFfFEuVm\fvNQxqgywuA5.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\AJr9qN-J2iQXFfFEuVm\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\AJr9qN-J2iQXFfFEuVm\INOm_Uv1I78K.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\AJr9qN-J2iQXFfFEuVm\l6wYbM_D_r_.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Searches\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Saved Games\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\0hK3feRWLwMDEGNQX0.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\7QDjRW-YOMo-k-Z7n.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\H7tRdZQ_5G.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\qRw9a SAHnUzYrBRoXD.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\qTvKCWKzZwIBwteiqbM.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\th8eU.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\XphR2TJjz.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\rtEvOrrNW0Ui5otj\-9fnhCfha2.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\rtEvOrrNW0Ui5otj\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\rtEvOrrNW0Ui5otj\9XuHi63.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\rtEvOrrNW0Ui5otj\HKqhG.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\rtEvOrrNW0Ui5otj\qhasofuRdPJwbI.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\rtEvOrrNW0Ui5otj\x1B_.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\kuEb8-SMvM\as7LziUTZIvnQsdmiXNj.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\kuEb8-SMvM\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\kuEb8-SMvM\D_Fv7 PRSX.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\kuEb8-SMvM\kOVNpDMYRL.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\kuEb8-SMvM\UgMctukfcXoBe.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\kuEb8-SMvM\uLsDCVKQEuXlv ur2Xy.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\3kc4ZE4GwJhznR0Zwjv.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\8FsduI62A 2PMyaCYJT0.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\9n-4.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\BaYM9St _GUc-pMf1k-.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\dy4knw.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\gFe4.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\l6xsWM755meyJgKN.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\olgvHwYDQYI0LAKBu.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\rjZGheo.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\V_voeP\5b OpcYK DpCOz.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\V_voeP\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\V_voeP\ePXXKIHHqhnuU6fk.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\V_voeP\PTUT.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\aBVGEclAKlPmc\-5LN7dOrug9.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\aBVGEclAKlPmc\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\aBVGEclAKlPmc\F0XHzrypqok3ky78oShS.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\aBVGEclAKlPmc\i39wbFUmYP6Nr8Z.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\aBVGEclAKlPmc\maZf5-.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\aBVGEclAKlPmc\tlHDeOF6PKJ-_ruMjy.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\aBVGEclAKlPmc\tq6haLxMyM.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\6GHFbg6R\YDgP6n.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\6GHFbg6R\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\OneDrive\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\-gv6hl.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\a7bhmQQgp.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\FGplqZx T.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\dckF.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\DsuPk7Zl9jC7_Qd.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iPpvCsEpbFWDeLC.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\OZuWUdusfQN.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\vnzuUiJUN.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\1fc6VHDHWaiUXR.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\D0I5ilhq2CC66S_eALG.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\esxI.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\Ew3rSNw.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\i42JoVPAE6Wr.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\k4EN3jl_.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\Oc7NraySLdll.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\xuEFHwNtl3mF5OMdlBH2\605WO0IG7rv 5Gkzsb.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\xuEFHwNtl3mF5OMdlBH2\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\xuEFHwNtl3mF5OMdlBH2\m1rlMk2aKfhDRFd.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\xuEFHwNtl3mF5OMdlBH2\PGszj43skZY.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\xuEFHwNtl3mF5OMdlBH2\yx7Ef.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\xuEFHwNtl3mF5OMdlBH2\tcOtOe4F9FR69v\lCE5UuOv6Td.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\xuEFHwNtl3mF5OMdlBH2\tcOtOe4F9FR69v\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\xuEFHwNtl3mF5OMdlBH2\tcOtOe4F9FR69v\vapNw9ByKw_HbBp.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\xuEFHwNtl3mF5OMdlBH2\tcOtOe4F9FR69v\X9TnF17Hn1X0_EkcrC.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\TfEyYXaoPWeg\JFdazS.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\TfEyYXaoPWeg\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ZOPz\iA1 8yOgktf96\TfEyYXaoPWeg\Pm7OTm.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\E 0yaVCuvr4xTgj0s.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\i30GiOiXB.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\IkM7 z01-mol8Cw-v67.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\mRwbv.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\PPQizB7psZmEP.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\Vm4ENrsiQIGSP.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\HQhOnEbZZq6Vve\9qYbL5jzyJkpK.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\HQhOnEbZZq6Vve\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\HQhOnEbZZq6Vve\BOyhfUb.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\HQhOnEbZZq6Vve\cM_EMR.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\HQhOnEbZZq6Vve\mZVj-71FZcsC6I.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\HQhOnEbZZq6Vve\sJWeRqq.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\wRa9F7\HQhOnEbZZq6Vve\Tnvqh.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Links\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Links\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Links\Downloads.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Links\OneDrive.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\Links\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\Links\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Downloads\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Downloads\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Downloads\jre-8u131-windows-x64.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\5lFe4Lx.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\atcbUa--7pS9_Ex5YF.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\blBTLlE6nvl7Pn1.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\EM9gXmq2LKv8ZfRa.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\iHZCO2.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\J0-1VW5m.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\K3DCzA0ZGH0l2.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\KFqf_.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\lMdzhF4zVS-.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\m_9eSbnarKHeuqXe.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\n3KedfT.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OeV eLnpiBhWXEtbc4x.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\oX bq4vkxJPJqad.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\t ZQSDpu2iUJxLE-.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\T-K5SGwmJ3 mPB9Ky.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\UTm7Gxl.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\UwnMvSU.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\v5i14i.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\VCAVi.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\xCi5Tni.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\ZyRASY.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\1oYB.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\5Fs 9 UvPA.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\L1EP-E2O7byfuic0.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\qF 8oXk89NL1YrK6.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\18WQhA51.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\D91N0Zq.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\sNyJwDMYDf6NcUAOQLTL.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\WRYiECXnl.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\xCTUW.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\Xie6INIoLR04EDGFFG.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\Y1x8ZqxCi645D\kFMszdL4nvSI2cz.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\Y1x8ZqxCi645D\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\Y1x8ZqxCi645D\wGY2YQxdKU.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\Y1x8ZqxCi645D\wi8F0Q5O.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\Y1x8ZqxCi645D\X5ifFEMYR.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\Y1x8ZqxCi645D\Xy sr4g.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\Y1x8ZqxCi645D\yB mn0zdV.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\4Ldoz2W50h\5WalP3Bl2rWl-yo.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\4Ldoz2W50h\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\4Ldoz2W50h\oIDz6LcGNvXGF5.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\4Ldoz2W50h\oPt7hCN-3pA.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\4Ldoz2W50h\PsMh09Ma0h6Sf.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\4Ldoz2W50h\st0nFHr7kLd7u.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\4Ldoz2W50h\Ud56yevTC_MGVYoy1e.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\4Ldoz2W50h\VATb.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\4Ldoz2W50h\yfDWeHYmEqVC.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\4Ldoz2W50h\WcaMW\3qzJcOg3A.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\4Ldoz2W50h\WcaMW\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TtwPs\PKpwIdD38h0\4Ldoz2W50h\WcaMW\hfvups2InA_-BDQV8.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\Outlook Files\lcfkj@kiekc.df.pst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\Outlook Files\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\Quick Notes.one | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\Favorites.vssx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\_private\folder.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\_private\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\2xnCn\GRkI.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\2xnCn\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\2xnCn\Kt33N_.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\2xnCn\uCq2JjZ35.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\2xnCn\vVBl5CzqCzhTO.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\1IlkJYRGg.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\23i5acjUYsPml.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\34vihcjptwSY126cU6r.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\5AYMmPlf.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\7UeLr6 ahNxhpqMpU.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\8-smyN.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\9j9hSV0AGjQ5P.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\aF0cJNiJiaE7zPu.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\BwjEJ4q.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\cfrs5lie-afnL_qf.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\cp_i6VwPEAGUcDb9VyN0.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\cR1v23Mrj a0X.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Dm CHu2si-01iRgc2.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\eWhS_.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\MSC000000981631.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\O1hl.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\OfmyPUTg.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\phaPdn7U89EhKuLZIB.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Qgj3gqt4NmSeH.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\QPcuvsBPfyJdsjj0R.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\quymqFwIVsq34Nza18mw.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\rqqQHXhU2jy2mu2PyuI.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\sf42hT3t.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\W9fVdr5L65XR8o.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\xCEXvXhj0VQdjnT3.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\z8 bc8_xQU.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Z82HPIHYz D.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\ZyLZN4wKBOnt edaUa.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Zbtp57yuqYSnW07xS\IprKUQN5V.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Zbtp57yuqYSnW07xS\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Zbtp57yuqYSnW07xS\JJwbkuO44n.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Zbtp57yuqYSnW07xS\vBNDk.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\n5Ztp\9jTu8T4KEHg5MRd.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\n5Ztp\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\n5Ztp\QLOJTsq6N0t9Kt4SxCxw.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\n5Ztp\Z-Bho7uk1tOcQIpb.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\n5Ztp\zbnK-TfEBdN8Xe.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\n5Ztp\Kup5hojDWdyFrOpXF\1b 3uKDjMA.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\n5Ztp\Kup5hojDWdyFrOpXF\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\n5Ztp\Kup5hojDWdyFrOpXF\cvvEUY6.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\n5Ztp\Kup5hojDWdyFrOpXF\eu1jcB_.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\n5Ztp\Kup5hojDWdyFrOpXF\LRm18Lj3x1fX2IJ.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\n5Ztp\Kup5hojDWdyFrOpXF\lsRwPHc.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\lulcit amkdfe.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\sikvnb huvuib.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\2A7x9EPcCAgl.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\AmZ3.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\dgkF.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\e4fZOADVmOZQm.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\etLaCzOa2X6.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\F5nHzYdQA07MgBbF.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gD34Cv9-IHgCunUMAE.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\H0OF8ATjoMI2aUXO4m.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\h0_3DUVl2w52PWKJiRk.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hxh5o9rz4Edu-fPev.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\IEa0O.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K0j6F-xlIeLiy.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\KvZ2MG9pJ.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LnELOxkuzwomT.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\oJq0bw.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\OuO0Z.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\r8UCd.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\rF9cz5H_X40G5jLH.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\SpDa.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\SVMzi08.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\t7rM-lmeZ.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\UjkY.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\w7lhDIvk.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\W9JHrRgo LbXIOiPY7w.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\WL sWzcfAqsxCr.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\XFr9Wzy.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\XjJL2fLOy8LCZl1A4u8.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\xrIFO.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\yt58.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ZEXa.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype\RootTools\roottools.conf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype\RootTools\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\profiles.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\parent.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\search.json.mozlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SecurityPreloadState.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionCheckpoints.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore.js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SiteSecurityServiceState.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\times.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\webappsstore.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\xulstore.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata-v2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\previous.js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\upgrade.js-20170518000419 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170518000419 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_c8be971a-de95-4557-abcb-db98e0788e08_00209595-b6ba-4fa7-88b0-97083d4c2159_0.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\Logs\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_c8be971a-de95-4557-abcb-db98e0788e08_56653bcd-022e-4023-b1f6-9926fada0024_0.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Sun\Java\Deployment\deployment.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Sun\Java\Deployment\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Acrobat\DC\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDB.chk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDB.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDB00004.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDBres00001.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDBres00002.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDBtmp.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\vedatamodel.edb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\0g-mX7JTJe-Sj10.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\2U0LE_l1ov.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\3--oMmPwZ.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\3vZH2yjtYsKfc7y.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\3Zhtv.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\47QMQ.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\65Orwx5ceqv.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\6fNW.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\8gXW1Z6dvIk.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\9GKFDLC9zdG9VdStxiB.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\AdobeARM.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\ArmUI.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\FW6lt2NDjZH.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\F_4Tu8ppFN_dR.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\g7wBDP8D.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\iDZnhlbh_ G-e45.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\klAR_8_n.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\LHNIWSJ-20171110-1726.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\lUDWozZeb1O57be4N4p.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\NNRGrFwXihuC8WV.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\oFv5oNAG.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\rav5pCmmACXHU.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\rVpdrW_orZM9.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\sU6SVcwb41LxR.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\VfH6K03Dt2b6cL.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\W8nb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\y-deNk8MyPH4JZrn4.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\yEvVo0n.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\_TyC_.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\nsmA14E.tmp\System.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\nsmA14E.tmp\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{241d7c96-f8bf-4f85-b01f-e2b043341a4b}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{33C56305-BA7B-48E0-9784-2D05E3F5D27E}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{728047C0-00D2-4FDB-A069-06338B92E93B}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{7940ACF8-60BA-4213-A7C3-F3B400EE266D}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{A88F43D0-B9C8-42F2-B9F3-90902FC0B22B}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{E2E2F6CF-9D1A-4004-8999-8AB81010B5AC}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_Proxy_Automatic_Config_Group.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsChangeAccountPicture.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupAppSizesList.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupAutoplayDefaults.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupDataSenseMainPageOverview.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupDataSenseMainPageSettings.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessFilterKeys.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessNarrator.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessOSK.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessOther.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessStickyKeys.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessToggleKeys.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupFamilyUsers.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupInputMouse.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupLockScreenPreview.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupMapsUpdates.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupNotificationsAppList.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemDeviceEncryption.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemSupportInfo.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemWindowsInfo.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPen.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPersonalizeColorChoose.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPicturePassword.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepDisplayOff.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepDisplayOffAoAc.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepSleep.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPrivacyLocationHistory.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupRegionDateTimeFormats.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupSpeechMicrophone.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupVirtualDesktops.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupYourAccount.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsManage.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsPicture.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsSync.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsUsers.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageActivate.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaults.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaultsFileExtensionView.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaultsProtocolView.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsNotifications.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageBackground.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageBatterySaver.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageColors.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDataSenseOverview.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDevicesPen.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDevicesPrinters.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessClosedCaptioning.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessHighContrast.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessKeyboard.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMagnifier.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMoreOptions.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMouse.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessNarrator.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageLockScreen-2.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageLockScreen.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageMaps.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageMultiTasking.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkAirplaneMode.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkDialup.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkDirectAccess.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkEthernet.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkMobileBroadband.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkMobileHotspot.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkProxy.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkVPN.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkWiFi.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkWorkplace.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemAutoPlay.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemBluetooth.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemDevices.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemDeviceSettings.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemDisplay.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemInfo.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemShellMode.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyAccountInfo.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyCalendar.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyContacts.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyCustomPeripherals.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyGeneral.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyLocation.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyMessaging.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyMicrophone.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyMotionData.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyPersonalization.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyRadios.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacySIUFSettings.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyWebcam.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreDeveloperOptions.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreMusUpdate.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreOneBackup.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreRestore.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageScreenPowerAndSleep.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageSpeech.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageStart.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageStorageSenseSaveLocations.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageStorageSenseStorageOverview.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageThemes.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageTimeRegionDateTime.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageTimeRegionLanguage.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageTimeRegionSpelling.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageWindowsDefender.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageWindowsServerDefender.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_Settings_DeveloperModeGroup.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_Settings_DeviceDiscoveryGroup.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_CursorThickness.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_IsAnimationsEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_IsMouseKeysEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_IsOverlappedContentEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsAutoStartEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsFollowInsertPointEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsFollowKeyFocusEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsInversionColorEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_MouseCursorColor.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_MouseCursorSize.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsAutoStartEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsDuckAudioEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsEchoCharacterEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsEchoWordEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsFastKeyEntryEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsFollowInsertionEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsHighlightCursorEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsPlayAudioCuesEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsReadHintsEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_SpeechPitch.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_SpeechSpeed.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_SpeechVoices.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_NotificationDuration.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Autoplay_IsEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_OverrideControl.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_SettingsLink-2.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_SettingsLink.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_UsageDetailsLink-2.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_UsageDetailsLink.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DataSense_ConfigureSetLimitButton.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_CountryRegion.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_IsAutomaticDSTAdjustEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_IsTimeSetAutomaticallyEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_Set.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_SetFormats.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_TimezoneInfo.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Audio.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Browser.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Calendar.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Email.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Map.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Photos.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Video.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Devices_Pen_EnablePixie.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Devices_Pen_EnableRipple.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Devices_Pen_SetHandedness.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Device_Add.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_AdvancedSettings.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_DPI_Override.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_Duplicate.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_IdentifyDetectWireless.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_IsAutoBrightnessEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_IsRotationLocked.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_MainMonitor.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_Monitors.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_Orientation.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Mouse_SetButtonConfiguration.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Mouse_SetScrollPage.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_CursorSpeed.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableEdgeGesture.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableTouchPad.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableVisualFeedback.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableVisualFeedbackPM.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_FourFingerTapEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_LeaveOnWithMouse.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_PanEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_RightClickZoneEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_SetActivationTimeout.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_SetScrollDirection.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_TapAndDrag.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_TapsEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_ThreeFingerSlideEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_ThreeFingerTapEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_TwoFingerTapEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_ZoomEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsAutoCorrectionEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsAutoShiftEngageEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsCompatibilityKeyboardEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsDoubleTapSpaceEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsKeyAudioFeedbackEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsPredictionSpaceInsertionEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsShiftLockEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsSpellcheckingEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsTextPredictionEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Add_Profile.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Installed_Profiles_Collection.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Personal_Data_Control.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Web_Content_Control.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Maps_DeleteAll.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Maps_Download_Add_Package.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_ResetYourPC.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_PreviewBuild.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_Windows7.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_Windows8.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_Windows8_1.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MultiTasking_AeroSnapEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MultiTasking_SnapAssistEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MultiTasking_SnapFillEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MusUpdate_AdvancedSettingsLink.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MusUpdate_UpdateActionButton.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_PinnedQuickActions.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_SelectIconsToAppearOnTaskbar.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_ShowAppNotifications.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_SoftLandingEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_SystemIcons.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_ActivateWindowsLicense.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_GetPCName.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_InstalledRamStatus.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_JoinCloudDomain.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_JoinDomain.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_LeaveOrganization.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_PenAndTouchStatus.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_ProcessorStatus.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_ProductIdStatus.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_RenamePC.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_SystemTypeStatus.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Background_ChooseBackground.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Background_ChooseFit.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Color_ColorPrevalence.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Color_EnableTransparency.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenAppsBadge.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenAppsTile.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenBackground.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenChooseBackgroundType.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenSlideshowSource_CloudBrandName.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutAC.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutAC_AoAc.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutDC.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutDC_AoAc.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_SleepTimeoutAC.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_SleepTimeoutDC.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Privacy_AdvertisingIdEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Privacy_EnableCollectionOfUrlsAppsUse.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Privacy_OpenPrivacyStatementLink.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Proxy_AutomaticConfigScript.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Proxy_AutomaticDetection.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Proxy_ManualProxyAddress.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Radio_DeviceList.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Radio_IsAirplaneModeEnabled.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_ModeChangeConfig.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_Preference.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_TaskbarAppsVisibility.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_Toggle.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Startup_AdvancedStartup.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_LinkToPlacesPage.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_ShowRecentlyAddedAppsGroup.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_ShowSuggestedAppsGroup.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_Size.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_StoreMFUApps.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_StoreRecentlyOpenedItems.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_StorageSense_AppSizesOptionalComponentsLink-2.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_StorageSense_AppSizesOptionalComponentsLink-3.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_StorageSense_AppSizesOptionalComponentsLink.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncAccessibility_Toggle.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncBrowserSettings_Toggle.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncCredentials_Toggle.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncLanguage_Toggle.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncMaster_Toggle.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncPersonalization_Toggle.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_Windows_Toggle.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_AssignedAccess.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_ChangePassword.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_DelayLock.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_EnrollmentFace.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_EnrollmentFingerprint.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_EnrollmentIris.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_PicturePassword.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_PINPassword.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_SingleSignOnAccountList.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_VirtualDesktops_AltTabFilter.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_VirtualDesktops_TaskbarFilter.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Workplace_CorpDeviceManagement.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Workplace_RelatedSettings.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AddOrRemovePrograms.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0042AE00-17CC-42EC-B5AD-B8F08A025D71}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{01ACC6BC-9A3D-49c5-AC7D-0FB9E026C424}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{028DE9F5-65F3-4A06-A048-421056F3E421}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{030C20F0-E20B-417A-B7AD-CEC6EE955CD3}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{059ECE57-19D1-4112-B05C-86F8ED5DA6B0}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{06628900-13DD-4fc3-A18B-0E9CE7B663ED}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{06D12455-F35D-44D6-8E00-3F6A360CC030}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{06FF5AE9-8F7C-41AD-B71B-62137DE26715}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{082594D9-8481-43F0-AE8F-62EA920A4220}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{083D5202-600A-4f38-981B-2D138FBDC4D1}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{08D48377-1C06-416D-B382-61E8D5F6CD18}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{08EB53B7-3384-473A-8D2C-6C0E71F3BF34}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\classic_{09bf6a57-7bf7-4389-8d6f-2bcf6a26bb4e}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0CDC534D-A9FF-450D-91D8-96C341ED44AA}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0df44eaa-ff21-4412-828e-260a8728e7f1}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0DF721FA-F921-4416-A491-1924F212C705}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0e1d43a6-f261-491c-84ea-8bfcc6a4b70b}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0F1B68F6-B72D-4229-BC9C-A87F0B16B17B}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1011988D-12F9-446b-85FF-A1579CCD1678}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{10cbe5dd-9921-4090-b412-361339a230ad}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{11135AE0-7372-4f85-8D1B-93D6EFBE5A99}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{11E71674-7556-4E27-8D59-03B2FA846204}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1206f5f1-0569-412c-8fec-3204630dfb70}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{12BBBD91-8E16-4C3F-9715-16E5C8299244}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{141D98AD-3E07-4C44-A578-4DCA078286A4}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{14DEC75C-D6CE-44A9-8349-AD0F46EF96BE}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1515BA81-68EB-4143-A29F-51A40A65DAE6}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{16C327FA-D8A8-41C0-B022-64AC67715327}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{17468BC4-3ACB-4D2A-98C2-B0B7B4EF29E6}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe | type = file_attributes |
|
1 | |
| Get Info | C:\BOOTNXT | type = size, size_out = 1 |
|
1 | |
| Get Info | C:\\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\BOOTSECT.BAK | type = size, size_out = 8192 |
|
1 | |
| Get Info | C:\\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\desktop.ini | type = size, size_out = 174 |
|
1 | |
| Get Info | C:\Users\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\desktop.ini | type = size, size_out = 174 |
|
1 | |
| Get Info | C:\Users\Public\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Videos\desktop.ini | type = size, size_out = 380 |
|
1 | |
| Get Info | C:\Users\Public\Videos\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Pictures\desktop.ini | type = size, size_out = 380 |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Music\desktop.ini | type = size, size_out = 380 |
|
1 | |
| Get Info | C:\Users\Public\Music\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Libraries\desktop.ini | type = size, size_out = 175 |
|
1 | |
| Get Info | C:\Users\Public\Libraries\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Libraries\RecordedTV.library-ms | type = size, size_out = 999 |
|
1 | |
| Get Info | C:\Users\Public\Libraries\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Downloads\desktop.ini | type = size, size_out = 174 |
|
1 | |
| Get Info | C:\Users\Public\Downloads\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Documents\desktop.ini | type = size, size_out = 278 |
|
1 | |
| Get Info | C:\Users\Public\Documents\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Desktop\Acrobat Reader DC.lnk | type = size, size_out = 2130 |
|
1 | |
| Get Info | C:\Users\Public\Desktop\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Desktop\desktop.ini | type = size, size_out = 174 |
|
1 | |
| Get Info | C:\Users\Public\Desktop\Read___ME.html | type = file_attributes |
|
3 | |
| Get Info | C:\Users\Public\Desktop\Google Chrome.lnk | type = size, size_out = 2338 |
|
1 | |
| Get Info | C:\Users\Public\Desktop\Mozilla Firefox.lnk | type = size, size_out = 1222 |
|
1 | |
| Get Info | C:\Users\Public\AccountPictures\desktop.ini | type = size, size_out = 196 |
|
1 | |
| Get Info | C:\Users\Public\AccountPictures\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\NTUSER.DAT | type = size, size_out = 262144 |
|
1 | |
| Get Info | C:\Users\Default\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\NTUSER.DAT.LOG1 | type = size, size_out = 24576 |
|
1 | |
| Get Info | C:\Users\Default\Read___ME.html | type = file_attributes |
|
5 | |
| Get Info | C:\Users\Default\NTUSER.DAT.LOG2 | type = size, size_out = 516096 |
|
1 | |
| Get Info | C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf | type = size, size_out = 65536 |
|
1 | |
| Get Info | C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms | type = size, size_out = 524288 |
|
1 | |
| Get Info | C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms | type = size, size_out = 524288 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\ntuser.ini | type = size, size_out = 20 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini | type = size, size_out = 504 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\E2waSdX2n_.flv | type = size, size_out = 18658 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\Read___ME.html | type = file_attributes |
|
5 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\iBTwm8.mp4 | type = size, size_out = 62306 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\NY17G87uN.mkv | type = size, size_out = 73182 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\P1l10Vzx4hd3-C.mp4 | type = size, size_out = 7057 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\U8xibbuO9vCag.mkv | type = size, size_out = 47050 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cpcCB0B.swf | type = size, size_out = 13875 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\pglUhoTAS6kwMMFsDl.swf | type = size, size_out = 64527 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\6e5-HpMrbS.mkv | type = size, size_out = 10256 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\6gwG.flv | type = size, size_out = 99265 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\Read___ME.html | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\gxfzekk51.mp4 | type = size, size_out = 85112 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\lI6eAu1sqq2.mkv | type = size, size_out = 99025 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\P17XSZAU6p5neX19v.mkv | type = size, size_out = 79144 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\qopWQzK.mkv | type = size, size_out = 14293 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\u-MJrV.swf | type = size, size_out = 24312 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\wyRSSbqc98w\JNgBvbxt2TE.flv | type = size, size_out = 82996 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\wyRSSbqc98w\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\wyRSSbqc98w\XfNky9jsklLvnZzA0q7K.swf | type = size, size_out = 67025 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\gPYspNB\wyRSSbqc98w\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\cn620-GsIa4nYYYCofJ5.mkv | type = size, size_out = 62495 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\tt_X88h6 PABCl7r-.swf | type = size, size_out = 99372 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\Read___ME.html | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\z5nYgQLxCnl5CC-.avi | type = size, size_out = 55454 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\j-xye\4tNMmqDfQUCo23LOg.avi | type = size, size_out = 68175 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\j-xye\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\j-xye\9JZc.mp4 | type = size, size_out = 10342 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\j-xye\Read___ME.html | type = file_attributes |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\j-xye\fWOL9DBWif.flv | type = size, size_out = 13609 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\j-xye\O8eEM2rfs_MY3eq9rG.mp4 | type = size, size_out = 79592 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\XBh9XWX0LPZGgDjBITI\cxqVyRkp8K1US\j-xye\s0d9d09EsgnYM8FvdWh.avi | type = size, size_out = 9896 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\dINDjPM.mp4 | type = size, size_out = 83820 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\GppAg7bkp9yD0gqXY.flv | type = size, size_out = 81163 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\Read___ME.html | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\gX_wpIDL1D.flv | type = size, size_out = 74231 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\nXLOUPBUSENPl3p-\WnVoa3g9JP.avi | type = size, size_out = 18593 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\nXLOUPBUSENPl3p-\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\8kLT4Ds_WbYAiWWTJ\29fvAWN e8KITEzwwn.flv | type = size, size_out = 65888 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\8kLT4Ds_WbYAiWWTJ\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\8kLT4Ds_WbYAiWWTJ\a6mtdOtp8JU.avi | type = size, size_out = 62311 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\8kLT4Ds_WbYAiWWTJ\Read___ME.html | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\8kLT4Ds_WbYAiWWTJ\eZSH9_U.flv | type = size, size_out = 89292 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bGVBhkL2p_r\8kLT4Ds_WbYAiWWTJ\WALJYrB.swf | type = size, size_out = 62083 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\AUvU5OO_3GglwZKK.mp4 | type = size, size_out = 16578 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\kMLEB81EE9b5N1X.avi | type = size, size_out = 35556 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\Read___ME.html | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\nMnO7w-y-y.swf | type = size, size_out = 55647 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\AJr9qN-J2iQXFfFEuVm\fvNQxqgywuA5.swf | type = size, size_out = 86402 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\AJr9qN-J2iQXFfFEuVm\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\AJr9qN-J2iQXFfFEuVm\INOm_Uv1I78K.avi | type = size, size_out = 71077 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\AJr9qN-J2iQXFfFEuVm\Read___ME.html | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\AkFTbjqu7\AJr9qN-J2iQXFfFEuVm\l6wYbM_D_r_.mp4 | type = size, size_out = 62489 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini | type = size, size_out = 524 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Searches\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms | type = size, size_out = 248 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Searches\Read___ME.html | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms | type = size, size_out = 248 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini | type = size, size_out = 282 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Saved Games\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\0hK3feRWLwMDEGNQX0.gif | type = size, size_out = 24973 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\7QDjRW-YOMo-k-Z7n.jpg | type = size, size_out = 6331 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\Read___ME.html | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini | type = size, size_out = 504 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\H7tRdZQ_5G.jpg | type = size, size_out = 23408 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\qRw9a SAHnUzYrBRoXD.png | type = size, size_out = 51721 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\qTvKCWKzZwIBwteiqbM.jpg | type = size, size_out = 85890 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\th8eU.jpg | type = size, size_out = 63500 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\XphR2TJjz.gif | type = size, size_out = 90070 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\desktop.ini | type = size, size_out = 190 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\rtEvOrrNW0Ui5otj\-9fnhCfha2.png | type = size, size_out = 26279 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\rtEvOrrNW0Ui5otj\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\rtEvOrrNW0Ui5otj\9XuHi63.bmp | type = size, size_out = 52553 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\rtEvOrrNW0Ui5otj\Read___ME.html | type = file_attributes |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\rtEvOrrNW0Ui5otj\HKqhG.png | type = size, size_out = 54052 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\rtEvOrrNW0Ui5otj\qhasofuRdPJwbI.gif | type = size, size_out = 97713 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\rtEvOrrNW0Ui5otj\x1B_.bmp | type = size, size_out = 35924 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\kuEb8-SMvM\as7LziUTZIvnQsdmiXNj.jpg | type = size, size_out = 35583 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\kuEb8-SMvM\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\kuEb8-SMvM\D_Fv7 PRSX.jpg | type = size, size_out = 32711 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\kuEb8-SMvM\Read___ME.html | type = file_attributes |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\kuEb8-SMvM\kOVNpDMYRL.png | type = size, size_out = 46703 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\kuEb8-SMvM\UgMctukfcXoBe.png | type = size, size_out = 95135 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\kuEb8-SMvM\uLsDCVKQEuXlv ur2Xy.jpg | type = size, size_out = 45812 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\desktop.ini | type = size, size_out = 190 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\3kc4ZE4GwJhznR0Zwjv.png | type = size, size_out = 62809 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\8FsduI62A 2PMyaCYJT0.jpg | type = size, size_out = 11381 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\Read___ME.html | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\9n-4.jpg | type = size, size_out = 16616 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\BaYM9St _GUc-pMf1k-.gif | type = size, size_out = 88621 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\dy4knw.jpg | type = size, size_out = 24108 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\gFe4.gif | type = size, size_out = 42755 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\l6xsWM755meyJgKN.jpg | type = size, size_out = 32735 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\olgvHwYDQYI0LAKBu.jpg | type = size, size_out = 63012 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\rjZGheo.jpg | type = size, size_out = 73324 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\V_voeP\5b OpcYK DpCOz.jpg | type = size, size_out = 66698 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\V_voeP\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\V_voeP\ePXXKIHHqhnuU6fk.png | type = size, size_out = 100928 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\V_voeP\Read___ME.html | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\V_voeP\PTUT.png | type = size, size_out = 7041 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\aBVGEclAKlPmc\-5LN7dOrug9.png | type = size, size_out = 46414 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\aBVGEclAKlPmc\Read___ME.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\aBVGEclAKlPmc\F0XHzrypqok3ky78oShS.png | type = size, size_out = 46363 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\aBVGEclAKlPmc\Read___ME.html | type = file_attributes |
|
5 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\9WI6Gc3O9CZj\aBVGEclAKlPmc\i39wbFUmYP6Nr8Z.bmp | type = size, size_out = 92319 |
|
1 | |
|
For performance reasons, the remaining 3304 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce | value_name = BrowserUpdateCheck, data = 0 |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce | value_name = BrowserUpdateCheck, data = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe, size = 102, type = REG_SZ |
|
1 |
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | taskkill /F /T /PID 2784 | os_pid = 0xff4, creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Filename | - | process_name = c:\users\ciihmn~1\appdata\local\temp\vworbzlbc.exe, file_name_orig = C:\Users\CIIHMN~1\AppData\Local\Temp\vwOrbzLbc.exe, size = 2048 |
|
1 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
1 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = temp, result_out = C:\Users\CIIHMN~1\AppData\Local\Temp |
|
1 | |
| Get Environment String | name = appdata, result_out = C:\Users\CIiHmnxMn6Ps\AppData\Roaming |
|
1 | |
| Get Environment String | name = public, result_out = C:\Users\Public |
|
1 |
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | taskkill /F /T /PID 2784 |
| Initial Working Directory | C:\Users\CIIHMN~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:00:37, Reason: Child Process |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:46 |
| Remarks | No high level activity detected in monitored regions |
| Information | Value |
|---|---|
| PID | 0xff4 |
| Parent PID | 0xfe0 (c:\users\ciihmn~1\appdata\local\temp\vworbzlbc.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FF8
0x
C18
0x
C38
0x
CE0
0x
D08
0x
D18
|
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\users\ciihmnxmn6ps\appdata\roaming\vworbzlbc.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:49, Reason: Autostart |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:34 |
| Information | Value |
|---|---|
| PID | 0xd40 |
| Parent PID | 0x81c (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D44
0x
D48
0x
D4C
0x
D50
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000001c0000 | 0x001c0000 | 0x001c1fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x001d0000 | 0x0028dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000290000 | 0x00290000 | 0x0029ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002a0000 | 0x002a0000 | 0x002dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002e0000 | 0x002e0000 | 0x003dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | Readable, Writable |
|
|
|
|
| oleaccrc.dll | 0x003f0000 | 0x003f1fff | Memory Mapped File | Readable |
|
|
|
|
| vworbzlbc.exe | 0x00400000 | 0x0043bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000440000 | 0x00440000 | 0x00441fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000450000 | 0x00450000 | 0x004bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000450000 | 0x00450000 | 0x00453fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000460000 | 0x00460000 | 0x00460fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000470000 | 0x00470000 | 0x004affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000004b0000 | 0x004b0000 | 0x004bffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| cversions.1.db | 0x004e0000 | 0x004e3fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000004e0000 | 0x004e0000 | 0x004e2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000004e0000 | 0x004e0000 | 0x004edfff | Private Memory | Readable, Writable |
|
|
|
|
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db | 0x004f0000 | 0x00508fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000510000 | 0x00510000 | 0x0051ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000520000 | 0x00520000 | 0x00520fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000530000 | 0x00530000 | 0x00541fff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000550000 | 0x00550000 | 0x0055efff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000560000 | 0x00560000 | 0x0065ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000660000 | 0x00660000 | 0x007e7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000007f0000 | 0x007f0000 | 0x00970fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000980000 | 0x00980000 | 0x01d7ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| sortdefault.nls | 0x01d80000 | 0x020b6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000020c0000 | 0x020c0000 | 0x021bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000021c0000 | 0x021c0000 | 0x021fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002200000 | 0x02200000 | 0x022fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002300000 | 0x02300000 | 0x02b07fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002b10000 | 0x02b10000 | 0x08a73fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000008a80000 | 0x08a80000 | 0x08bf6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000008c00000 | 0x08c00000 | 0x08d78fff | Private Memory | Readable, Writable |
|
|
|
|
| system.dll | 0x10000000 | 0x10005fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x73aa0000 | 0x73acefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcrypt.dll | 0x73ad0000 | 0x73aeafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x73af0000 | 0x73b02fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shfolder.dll | 0x73b10000 | 0x73b15fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| version.dll | 0x73b20000 | 0x73b27fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleacc.dll | 0x73b30000 | 0x73b82fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmapi.dll | 0x73b90000 | 0x73bacfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| propsys.dll | 0x73bb0000 | 0x73cf1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apphelp.dll | 0x73d00000 | 0x73d90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| userenv.dll | 0x73da0000 | 0x73db8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x73dc0000 | 0x73e34fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x73e40000 | 0x74048fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcryptprimitives.dll | 0x74050000 | 0x740a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x740b0000 | 0x740b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x740c0000 | 0x740ddfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| powrprof.dll | 0x74100000 | 0x74143fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x74150000 | 0x741e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shcore.dll | 0x74370000 | 0x743fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x74410000 | 0x74491fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x744a0000 | 0x7455dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x74560000 | 0x745a2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x745b0000 | 0x746cffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel.appcore.dll | 0x746e0000 | 0x746ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x746f0000 | 0x74865fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x749e0000 | 0x74a8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x74a90000 | 0x74b79fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cfgmgr32.dll | 0x74bd0000 | 0x74c05fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x74c10000 | 0x75fcefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| combase.dll | 0x76040000 | 0x761f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x762a0000 | 0x7638ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.storage.dll | 0x76390000 | 0x7686cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x76870000 | 0x76877fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x76880000 | 0x768cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x768d0000 | 0x76942fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76960000 | 0x76a9ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76aa0000 | 0x76acafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x76ad0000 | 0x76adefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76c00000 | 0x76c43fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76c50000 | 0x76ccafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| setupapi.dll | 0x76cd0000 | 0x76e74fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76f40000 | 0x7708cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77090000 | 0x77208fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007fead000 | 0x7fead000 | 0x7feaffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fff470fffff | Private Memory | Readable |
|
|
|
|
| ntdll.dll | 0x7fff47100000 | 0x7fff472c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00007fff472c2000 | 0x7fff472c2000 | 0x7ffffffeffff | Private Memory | Readable |
|
|
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_TEMPORARY, FILE_FLAG_DELETE_ON_CLOSE |
|
1 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\nss8BF6.tmp\System.dll | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\nss8BF6.tmp\System.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
26 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\W8nb | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\W8nb | desired_access = GENERIC_READ |
|
1 | |
| Create | C:\Windows\SYSTEM32\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
3 | |
| Create | C:\Windows\SYSTEM32\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
4 | |
| Create Directory | C:\Users\CIIHMN~1\AppData\Local\Temp\ | - |
|
1 | |
| Create Directory | C:\Users | - |
|
2 | |
| Create Directory | C:\Users\CIIHMN~1 | - |
|
2 | |
| Create Directory | C:\Users\CIIHMN~1\AppData | - |
|
2 | |
| Create Directory | C:\Users\CIIHMN~1\AppData\Local | - |
|
2 | |
| Create Directory | C:\Users\CIIHMN~1\AppData\Local\Temp | - |
|
2 | |
| Create Directory | C:\Users\CIIHMN~1\AppData\Local\Temp\nss8BF6.tmp | - |
|
1 | |
| Create Temp File | C:\Users\CIIHMN~1\AppData\Local\Temp\nsx8BC5.tmp | path = C:\Users\CIIHMN~1\AppData\Local\Temp\, prefix = nsx |
|
1 | |
| Create Temp File | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | path = C:\Users\CIIHMN~1\AppData\Local\Temp\, prefix = nsm |
|
1 | |
| Create Temp File | C:\Users\CIIHMN~1\AppData\Local\Temp\nss8BF6.tmp | path = C:\Users\CIIHMN~1\AppData\Local\Temp, prefix = nss |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe | type = size |
|
1 | |
| Get Info | C:\Users | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIIHMN~1 | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIIHMN~1\AppData | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local\Temp | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local\Temp\nss8BF6.tmp\System.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local\Temp\nss8BF6.tmp\System.dll | type = file_attributes |
|
26 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local\Temp\W8nb | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SYSTEM32\ntdll.dll | type = size |
|
3 | |
| Get Info | C:\Windows\SYSTEM32\ntdll.dll | type = size |
|
4 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe | size = 512, size_out = 512 |
|
79 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe | size = 16384, size_out = 16384 |
|
6 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | size = 4, size_out = 4 |
|
3 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | size = 31488, size_out = 31488 |
|
1 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | size = 11264, size_out = 11264 |
|
1 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | size = 16384, size_out = 16384 |
|
4 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | size = 6023, size_out = 6023 |
|
1 | |
| Read | C:\Users\CIIHMN~1\AppData\Local\Temp\W8nb | size = 71559, size_out = 71559 |
|
1 | |
| Read | C:\Windows\SYSTEM32\ntdll.dll | size = 1533496, size_out = 1533496 |
|
3 | |
| Read | C:\Windows\SYSTEM32\ntdll.dll | size = 1533496, size_out = 1533496 |
|
4 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | size = 32768 |
|
2 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | size = 14048 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nss8BF6.tmp\System.dll | size = 11264 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | size = 25540 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | size = 16141 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | size = 16153 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | size = 16149 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\nsm8BD5.tmp | size = 24930 |
|
1 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\W8nb | size = 16384 |
|
4 | |
| Write | C:\Users\CIIHMN~1\AppData\Local\Temp\W8nb | size = 6023 |
|
1 | |
| Delete | C:\Users\CIIHMN~1\AppData\Local\Temp\nsx8BC5.tmp | - |
|
1 | |
| Delete | C:\Users\CIIHMN~1\AppData\Local\Temp\nss8BF6.tmp | - |
|
1 |
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe | os_pid = 0xd94, creation_flags = CREATE_SUSPENDED, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 |
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Context | c:\windows\system32\svchost.exe | os_tid = 0xd44 |
|
1 | |
| Set Context | c:\windows\system32\svchost.exe | os_tid = 0xd44 |
|
1 |
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe | address = 0x7ffde008, size = 4 |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Windows\system32\UXTHEME.dll | base_address = 0x73dc0000 |
|
1 | |
| Load | C:\Windows\system32\USERENV.dll | base_address = 0x73da0000 |
|
1 | |
| Load | C:\Windows\system32\SETUPAPI.dll | base_address = 0x76cd0000 |
|
1 | |
| Load | C:\Windows\system32\APPHELP.dll | base_address = 0x73d00000 |
|
1 | |
| Load | C:\Windows\system32\PROPSYS.dll | base_address = 0x73bb0000 |
|
1 | |
| Load | C:\Windows\system32\DWMAPI.dll | base_address = 0x73b90000 |
|
1 | |
| Load | C:\Windows\system32\CRYPTBASE.dll | base_address = 0x740b0000 |
|
1 | |
| Load | C:\Windows\system32\OLEACC.dll | base_address = 0x73b30000 |
|
1 | |
| Load | C:\Windows\system32\CLBCATQ.dll | base_address = 0x74410000 |
|
1 | |
| Load | C:\Windows\system32\VERSION.dll | base_address = 0x73b20000 |
|
1 | |
| Load | C:\Windows\system32\SHFOLDER.dll | base_address = 0x73b10000 |
|
1 | |
| Load | C:\Users\CIIHMN~1\AppData\Local\Temp\nss8BF6.tmp\System.dll | base_address = 0x10000000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x76c50000 |
|
16 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x762a0000 |
|
6 | |
| Get Handle | VERSION | base_address = 0x0 |
|
1 | |
| Get Handle | SHFOLDER | base_address = 0x0 |
|
1 | |
| Get Handle | c:\users\ciihmnxmn6ps\appdata\roaming\vworbzlbc.exe | base_address = 0x400000 |
|
1 | |
| Get Handle | c:\windows\syswow64\shell32.dll | base_address = 0x74c10000 |
|
1 | |
| Get Handle | C:\Users\CIIHMN~1\AppData\Local\Temp\nss8BF6.tmp\System.dll | base_address = 0x0 |
|
1 | |
| Get Handle | c:\users\ciihmn~1\appdata\local\temp\nss8bf6.tmp\system.dll | base_address = 0x10000000 |
|
26 | |
| Get Handle | c:\windows\syswow64\msvcrt.dll | base_address = 0x744a0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x76960000 |
|
4 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77090000 |
|
2 | |
| Get Filename | SHFOLDER | process_name = c:\users\ciihmnxmn6ps\appdata\roaming\vworbzlbc.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe, size = 1024 |
|
1 | |
| Get Filename | C:\Users\CIIHMN~1\AppData\Local\Temp\nss8BF6.tmp\System.dll | process_name = c:\users\ciihmnxmn6ps\appdata\roaming\vworbzlbc.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe, size = 259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetDefaultDllDirectories, address_out = 0x74820790 |
|
1 | |
| Get Address | c:\windows\syswow64\version.dll | function = GetFileVersionInfoA, address_out = 0x73b21f80 |
|
1 | |
| Get Address | c:\windows\syswow64\shfolder.dll | function = SHGetFolderPathA, address_out = 0x73b11300 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetUserDefaultUILanguage, address_out = 0x762ba6f0 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = 680, address_out = 0x74eafa00 |
|
1 | |
| Get Address | c:\users\ciihmn~1\appdata\local\temp\nss8bf6.tmp\system.dll | function = Call, address_out = 0x100016bd |
|
25 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = malloc, address_out = 0x744e78c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemInfo, address_out = 0x762ba1f0 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = wsprintf, address_out = 0x0 |
|
4 | |
| Get Address | c:\windows\syswow64\user32.dll | function = wsprintfA, address_out = 0x7698ea00 |
|
4 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFile, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x762c6170 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtCreateSection, address_out = 0x770f9080 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtMapViewOfSection, address_out = 0x770f8e60 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x762c64a0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFileA, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x762c5f20 |
|
1 | |
| Get Address | c:\users\ciihmn~1\appdata\local\temp\nss8bf6.tmp\system.dll | function = Int64Op, address_out = 0x1000180d |
|
2 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 5750408 |
|
1 | |
| Map | - | process_name = c:\users\ciihmnxmn6ps\appdata\roaming\vworbzlbc.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x530000 |
|
1 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = Ticks, time = 35781 |
|
2 | |
| Get Time | type = Ticks, time = 35796 |
|
2 | |
| Get Time | type = Ticks, time = 35812 |
|
1 | |
| Get Time | type = Ticks, time = 35828 |
|
3 | |
| Get Time | type = Ticks, time = 36046 |
|
4 | |
| Get Time | type = Ticks, time = 36062 |
|
3 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
11 | |
| Get Info | type = Hardware Information |
|
1 |
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\users\ciihmnxmn6ps\appdata\roaming\vworbzlbc.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe" |
| Initial Working Directory | C:\Users\CIIHMN~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:01:56, Reason: Child Process |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:27 |
| Information | Value |
|---|---|
| PID | 0xd94 |
| Parent PID | 0xd40 (c:\users\ciihmnxmn6ps\appdata\roaming\vworbzlbc.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D98
0x
D9C
0x
DA0
0x
E3C
0x
E48
0x
E54
0x
E60
0x
E64
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000001c0000 | 0x001c0000 | 0x001c1fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x001d0000 | 0x0028dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000290000 | 0x00290000 | 0x002cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002e0000 | 0x002e0000 | 0x002fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002e0000 | 0x002e0000 | 0x002effff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000002e0000 | 0x002e0000 | 0x002e4fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002e0000 | 0x002e0000 | 0x002e6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002f0000 | 0x002f0000 | 0x002fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000300000 | 0x00300000 | 0x0030ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000310000 | 0x00310000 | 0x00323fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000310000 | 0x00310000 | 0x0034ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000310000 | 0x00310000 | 0x00310fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000320000 | 0x00320000 | 0x0035ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000360000 | 0x00360000 | 0x0039ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000003a0000 | 0x003a0000 | 0x003a0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000003c0000 | 0x003c0000 | 0x003cffff | Private Memory | Readable, Writable |
|
|
|
|
| cversions.2.db | 0x003d0000 | 0x003d3fff | Memory Mapped File | Readable |
|
|
|
|
| cversions.2.db | 0x003e0000 | 0x003e3fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| vworbzlbc.exe | 0x00400000 | 0x0043bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000400000 | 0x00400000 | 0x0040efff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000410000 | 0x00410000 | 0x0050ffff | Private Memory | Readable, Writable |
|
|
|
|
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000007.db | 0x00510000 | 0x00552fff | Memory Mapped File | Readable |
|
|
|
|
| propsys.dll.mui | 0x00560000 | 0x00570fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000580000 | 0x00580000 | 0x00580fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000590000 | 0x00590000 | 0x0068ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000690000 | 0x00690000 | 0x00817fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000820000 | 0x00820000 | 0x009a0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000009b0000 | 0x009b0000 | 0x01daffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001db0000 | 0x01db0000 | 0x01f1ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001db0000 | 0x01db0000 | 0x01eaffff | Private Memory | Readable, Writable |
|
|
|
|
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db | 0x01eb0000 | 0x01ec8fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001ed0000 | 0x01ed0000 | 0x01f0ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001f10000 | 0x01f10000 | 0x01f1ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x01f20000 | 0x02256fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002260000 | 0x02260000 | 0x03268fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003270000 | 0x03270000 | 0x0336ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003370000 | 0x03370000 | 0x0346ffff | Private Memory | Readable, Writable |
|
|
|
|
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db | 0x03470000 | 0x034fafff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003500000 | 0x03500000 | 0x0353ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003540000 | 0x03540000 | 0x03540fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000035f0000 | 0x035f0000 | 0x035fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003600000 | 0x03600000 | 0x036fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003700000 | 0x03700000 | 0x037fffff | Private Memory | Readable, Writable |
|
|
|
|
| iertutil.dll | 0x737d0000 | 0x73a90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x73aa0000 | 0x73acefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcrypt.dll | 0x73ad0000 | 0x73aeafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x73af0000 | 0x73b02fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mpr.dll | 0x73cf0000 | 0x73d06fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pcacli.dll | 0x73d10000 | 0x73d1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x73d20000 | 0x73e7ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| propsys.dll | 0x73e80000 | 0x73fc1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x73fd0000 | 0x74044fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcryptprimitives.dll | 0x74050000 | 0x740a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x740b0000 | 0x740b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x740c0000 | 0x740ddfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| powrprof.dll | 0x74100000 | 0x74143fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x74150000 | 0x741e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shcore.dll | 0x74370000 | 0x743fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x74410000 | 0x74491fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x744a0000 | 0x7455dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x74560000 | 0x745a2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x745b0000 | 0x746cffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel.appcore.dll | 0x746e0000 | 0x746ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x746f0000 | 0x74865fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x749e0000 | 0x74a8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x74a90000 | 0x74b79fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cfgmgr32.dll | 0x74bd0000 | 0x74c05fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x74c10000 | 0x75fcefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| combase.dll | 0x76040000 | 0x761f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x762a0000 | 0x7638ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.storage.dll | 0x76390000 | 0x7686cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x76870000 | 0x76877fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x76880000 | 0x768cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x768d0000 | 0x76942fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76960000 | 0x76a9ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76aa0000 | 0x76acafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x76ad0000 | 0x76adefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76c00000 | 0x76c43fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76c50000 | 0x76ccafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76f40000 | 0x7708cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77090000 | 0x77208fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007fea7000 | 0x7fea7000 | 0x7fea9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007feaa000 | 0x7feaa000 | 0x7feacfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007fead000 | 0x7fead000 | 0x7feaffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fff470fffff | Private Memory | Readable |
|
|
|
|
| ntdll.dll | 0x7fff47100000 | 0x7fff472c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00007fff472c2000 | 0x7fff472c2000 | 0x7ffffffeffff | Private Memory | Readable |
|
|
|
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Control Flow | #11: c:\users\ciihmnxmn6ps\appdata\roaming\vworbzlbc.exe | 0xd44 | os_tid = 0xd98, address = 0x770faef0 |
|
1 |
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\Public\AE09C984DF6E74640B3271EADB5DD7C65FDE806235B2CDA478E0EFA9129C09E7 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\hiberfil.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\pagefile.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\swapfile.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\ntuser.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\ntuser.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\ntuser.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\Favorites.vssx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\8-smyN.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\parent.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SecurityPreloadState.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDB.chk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDB.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDBres00001.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDBres00002.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\vedatamodel.edb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\AdobeARM.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\W8nb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\nss8BF6.tmp\System.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\nss8BF6.tmp\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{241d7c96-f8bf-4f85-b01f-e2b043341a4b}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{33C56305-BA7B-48E0-9784-2D05E3F5D27E}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{728047C0-00D2-4FDB-A069-06338B92E93B}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{7940ACF8-60BA-4213-A7C3-F3B400EE266D}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{A88F43D0-B9C8-42F2-B9F3-90902FC0B22B}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{E2E2F6CF-9D1A-4004-8999-8AB81010B5AC}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_Proxy_Automatic_Config_Group.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsChangeAccountPicture.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupAppSizesList.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupAutoplayDefaults.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupDataSenseMainPageOverview.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupDataSenseMainPageSettings.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessFilterKeys.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessNarrator.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessOSK.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessOther.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessStickyKeys.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessToggleKeys.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupFamilyUsers.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupInputMouse.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupLockScreenPreview.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupMapsUpdates.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupNotificationsAppList.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemDeviceEncryption.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemSupportInfo.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemWindowsInfo.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPen.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPersonalizeColorChoose.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPicturePassword.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepDisplayOff.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepDisplayOffAoAc.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepSleep.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPrivacyLocationHistory.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupRegionDateTimeFormats.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupSpeechMicrophone.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupVirtualDesktops.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupYourAccount.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsManage.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsPicture.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsSync.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsUsers.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageActivate.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaults.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaultsFileExtensionView.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaultsProtocolView.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsNotifications.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageBackground.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageBatterySaver.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageColors.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDataSenseOverview.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDevicesPen.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDevicesPrinters.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessClosedCaptioning.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessHighContrast.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessKeyboard.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMagnifier.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMoreOptions.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{17468BC4-3ACB-4D2A-98C2-B0B7B4EF29E6}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{17cd9488-1228-4b2f-88ce-4298e93e0966}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1845AA13-3644-4FBC-B766-EEEF29683256}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1928DA28-C5A7-4F13-AF81-8238D57A793F}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1a4635ec-181d-45ae-b691-bc75bec02756}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1A5712E4-AAD7-4717-B22A-CF0B8438E2E6}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1BDB99DF-3832-49D6-9AE0-52105DB568DA}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1DD03EE3-FC46-456A-8632-B0717A9D497D}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{201CEF4B-7444-4B2F-B885-5E8F0AA1D614}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{207D6BD2-A09B-406f-8A72-BC90C49FC152}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{21A5437E-D266-4F56-A146-06744A8BC071}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{232A1851-808C-4B44-A92A-38E862989CE5}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{29B87534-19A8-4A39-AA81-2148E7DE5894}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{2B6FE85A-C7AA-440F-B9A3-3F5EDCA3F6C2}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{2D06D17B-2A5F-4835-AF30-6D2D58A4A66C}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{30137454-0E1F-43bb-9CB8-AEF452964B0B}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{31DD3DA1-ED44-4BA8-A67B-6EA93DEA77E7}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{33843DB0-24E7-4682-A019-5393D7F2BFFA}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{33F1F9B5-BD94-4D77-96AE-62F10E4A010A}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{36C8B34B-83F9-4704-B817-9AB1A723705A}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{36fb1658-3a23-4d62-9bfd-37f4b18a85e9}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{37092408-D49C-451D-B56D-78B243DC475C}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{37C361D8-51CD-40fa-A797-8FC1EA28F9F4}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{37E2F32E-C821-4094-B429-2B4E8EA810AA}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{38bd6d6e-bf78-4c31-b05a-7447ee37669f}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3911D4F8-AD61-4911-A151-5682C26A7427}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3A100872-EC27-46A5-BBCC-92C90635AE3B}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3A4140C8-50D3-44E9-BF50-C878204DE0F5}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3F0AD6DB-3246-48E4-ACD7-696FF62AE68D}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4026492f-2f69-46b8-b9bf-5654fc07e423}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{40419485-c444-4567-851a-2dd7bfa1684d}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{420C524A-2A76-43F7-B1B2-C3CF736557C7}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4228F99D-227F-4058-9EA3-BB2B616D7444}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{45FDB5DF-1457-4A41-A824-7AD9C75767BC}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{46E84184-51CC-4A7B-A40A-6D3E86D402DE}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4A2F952E-0618-467F-ADC5-FEBB66AEB82F}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4BCD16D0-BA72-4F0D-88F9-50D912BFA2B2}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4F9B0706-0A8F-45B0-BFA6-C66CD45246D7}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{50DF4F13-4188-49C3-B2FB-A76404DC0ACF}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5163E94E-4C07-420B-B173-320232B8AFB7}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{53440D79-CD2D-4013-B192-D478AE882E53}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{54692DB7-FC98-4D5E-AC15-CC5095FA5669}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{54D8069E-E75A-4437-B45B-8EB3B8C97434}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5530E8CC-1B9E-4798-A880-BA719ADFBBBD}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{55E51B6E-7D17-4C80-859E-3007A1F2B6AA}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{58e3c745-d971-4081-9034-86e34b30836a}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5902614C-D9C7-4902-9F7F-BAF85454D0B2}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5A2C0E5E-5974-4E44-B4C6-AD4C2B6BAF53}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5BB16858-F647-465E-BCFD-010EE9DD41B7}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5D461B44-2753-4DD7-B2C0-BAB71B1F4C1A}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5D611F64-7985-459B-BDFF-AEC069CB2625}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5DD91132-02E8-43F6-88BD-E50B7BE2EF29}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5DE5B491-2CEA-4AD9-824A-982A22C0B64E}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5ea4f148-308c-46d7-98a9-49041b1dd468}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5FFAA809-0961-40CF-90A4-58037867FA50}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{60AC7FA0-A928-4D45-B4DD-AC70A6175E67}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{60C811E8-C857-404E-98BB-EE5D83C1DF5A}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{62d8ed13-c9d0-4ce8-a914-47dd628fb1b0}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{638f8e21-e157-40d7-97e0-a0c8e4c4e2b5}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{63929D0B-AAAC-4DCA-AE8A-222EC37F7A88}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{641102EF-6463-46E9-842D-176013D7ACC8}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6775CCA4-CC42-44F7-800C-4E94FF1EA8C0}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{67ca7650-96e6-4fdd-bb43-a8e774f73a57}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\classic_{685e7dc2-db57-4ed0-8b6d-5fe44d78d4f0}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{68F4F33C-658C-4278-94C1-22B8E653F3E8}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{693E4EF4-9060-469B-AB2E-948B6B68A883}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{693E4EF5-9060-469B-AB2E-948B6B68A883}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6A10BC7B-2586-4B57-A5AA-C14BDE743DC4}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6AE88B06-50B2-46B0-93EA-4B5C73D3A0B5}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6CA1F1CE-1FED-4D96-A82E-08CEDB139AA3}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6CBA2898-2EFE-4604-9933-F1F64DAE2A32}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{71D0780F-10D2-459C-983B-94A642161220}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{725be8f7-668e-4c7b-8f90-46bdb0936430}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{73C9C58C-2E01-4F68-B1B9-7A4DD2EF71F7}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7429F4F9-AE58-401a-82AD-723F3C6BDDD6}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{75AC9145-7EC9-4883-82A7-AD3429020AA0}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{76F31A78-3FDA-4F80-B015-95CFD81463AD}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7a4d0c5d-51ad-443e-87c7-66b757586c56}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7ABBE8E6-757F-419A-B2E0-07D5694F8E0F}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7B086E4E-366C-454A-85CC-B8B533482B10}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7C3E0552-96E2-4069-AC1C-208C146683CA}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7D13A5DB-6081-48BD-8EA3-A9D7FE67A335}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7DE6CF7C-B699-421B-A808-139E798E6C64}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7E5BC096-F558-419A-9326-BC6414D592C3}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7F8B6C83-2A89-47A0-B334-AA58D042CDEC}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8050502B-9B94-408C-BF49-D2D8887C1BCF}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{80f3f1d5-feca-45f3-bc32-752c152e456e}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{821FB666-D307-4865-86BB-68725A30999C}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{84C9670E-825D-4128-B173-2963886C5A3E}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8562B9B8-812D-420C-9189-DC216D788A49}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{875FE7D6-5BDF-496F-B349-91E5E3625B86}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8774b87d-a2b4-49a0-8237-bfefd00646c2}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{87842A7E-D784-458d-BEF4-CFDC632DCF3E}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{87d66a43-7b11-4a28-9811-c86ee395acf7}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{886EDAFC-1051-483F-8AE2-904087A7E580}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{88C9D04D-39DD-41EE-A63B-23218D69717F}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8902C92D-5AB7-433B-9065-3F55F8334E29}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{895607E0-D0F9-48bd-B19E-96FBE9BBDCF9}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{89A2270D-DF2E-4172-8BA5-159D6AD00C15}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8bb27ec5-5cb3-4781-baee-3439df4806e4}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8D58F804-9520-4208-A527-7C2B6CB77B33}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8E0C279D-0BD1-43C3-9EBD-31C3DC5B8A77}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8E21794E-9303-44C5-A493-C3DC53C0E463}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8e908fc9-becc-40f6-915b-f4ca0e70d03d}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{906435EC-336D-4B77-BCD6-397DE8318852}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{907F262A-012A-4F6A-94C9-F479F3E6EE16}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{90ab71ce-bab6-4ca2-84fe-629338405756}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{91BA8E01-F854-4418-A108-E63323DDAE60}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9389633E-8BCB-4448-93CD-EBFFA0759257}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9430DB91-B966-4971-A955-E3DBA1F889E7}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{944A41B9-C0FD-41AE-A6DF-5AC4FE5A59B4}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{950fd00b-c4a9-4465-852a-b1eb51e2e7f6}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{955E7FFD-4DD9-4124-96FC-86C3C653DD33}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{96BC4455-FDA3-4DE2-8B71-9D1953F0B32D}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{96DF8B78-8299-4BC1-B56B-6C375FBEC228}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9891D47B-7E37-4265-BAD2-1FA991543B90}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{98CCA0B9-CF6C-4FFD-98E1-87BFEDDD4D21}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9B802EF5-59B7-4974-9022-06DC2A9B1677}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9BA8A9A5-F1C1-4F09-AE9A-EFEAA5961BE3}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9C39057F-5CE5-4BAB-BE61-2957A12EEC52}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9c60de1e-e5fc-40f4-a487-460851a8d915}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9c73f5e5-7ae7-4e32-a8e8-8d23b85255bf}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9EF86966-2F35-49BE-A9F6-398E0B844411}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9fe63afd-59cf-4419-9775-abcc3849f861}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{a0275511-0e86-4eca-97c2-ecd8f1221d08}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A10DFF38-B2D2-44AC-952B-A2B5DC5D0C9F}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{a3dd4f92-658a-410f-84fd-6fbbbef2fffe}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A42E8D99-83E6-4D12-B403-F46059D02CF0}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A7160DE5-E591-4D98-9BB0-0CAC99D5F2D5}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A73DCDB5-E233-4FC2-8083-6E431939002A}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{a8a91a66-3a7d-4424-8d24-04e180695c7a}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AA9D2032-E8FB-4f8c-99C9-09F539AEBD59}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AACA901F-E74F-4894-B074-F55059532853}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AAF384A9-978C-41B6-B394-0C40C2EAAA4B}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ABB4509D-9043-4EF2-8796-E4646ECF951D}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AF3BA0EC-B240-401E-B4EE-3E89F275205B}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B0B4886C-4B31-4824-ADCD-0DAF5C8BAFF6}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B1207959-FFBF-4417-A6B1-4BF0EDA51F5A}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B123B0AB-2E4E-4325-804A-32F99784DA0B}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B1FE5142-DEDD-409B-BCC8-547EC08DE84E}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{b2c761c6-29bc-4f19-9251-e6195265baf1}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B3C577FA-7C51-4259-A1C4-088BD0B0932E}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B6B2793F-F4B9-49FD-B578-212C3C020892}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B7622F10-9A47-4BF2-B6EF-2C20B4510254}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B896819B-CF73-4da0-8F59-6E744A6BCD5F}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B935C3B6-969C-4FC2-B96C-7F06794471AF}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B98AD935-426A-482B-9383-ED7D8BB99A6F}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{BABB24A6-0242-4AE5-BD83-C5816526F63D}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bb06c0e4-d293-4f75-8a90-cb05b6477eee}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bb64f8a7-bee7-4e1a-ab8d-7d8273f7fdb6}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{BD256B65-94BE-4194-84BF-41D50D0EF26E}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bd84b380-8ca2-1069-ab1d-08000948f534}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{be122a0e-4503-11da-8bde-f66bad1e3f3a}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{BEC9E135-14C1-4e00-B5C8-899F26833A5A}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bf782cc9-5a52-4a17-806c-2a894ffeeac5}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C16A18A2-DC4F-4B7D-92F1-14C430AD17DC}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C3915CF9-A3D9-4EFD-B209-62C05793EE0F}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C3F521C1-249F-48FD-9D9D-731EA4568776}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C5361E07-6AA3-4453-81BC-93E8F85EABED}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{c555438b-3c23-4769-a71f-b6d3d9b6053a}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{c58c4893-3be0-4b45-abb5-a63e4b8c8651}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C5AE651D-D027-4D11-8125-595B9933C78B}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C7C81DAD-835C-45B0-9632-60F3EB5D55AC}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C86B1923-8E1F-414B-83DB-94B09BA73E15}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CD2A5953-36A2-427D-B762-3610F37A5D89}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CD95D0E3-6B3A-495B-9FDA-57FAD586304D}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CE4F7091-EEC0-400E-A019-38503D525293}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CF081448-68EC-4969-9F8B-BB23B329B712}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d17d1d6d-cc3f-4815-8fe3-607e7d5d10b3}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D1AF7F5F-18C1-4143-81E5-EDAF02255883}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d20ea4e1-3957-11d2-a40b-0c5020524153}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D4690CFE-6A59-4BAB-BFF7-9ED0D083E798}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d555645e-d4f8-4c29-a827-d93c859c4f2a}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D5BAC999-E706-4311-9DB0-86E117B1FD25}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D5D5B38A-0FD8-43B6-8C7D-372D84BD357D}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D652F9E4-08FD-4A24-8EAC-05715188233E}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D679D992-D843-4D3C-BFEA-5EDF4D37EE9F}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D825FEC7-DA3D-456A-BEF2-20F07BA0449E}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D995F7E9-727D-4AD6-83F3-A4A753965A8F}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d9ef8727-cac2-4e60-809e-86f80a666c91}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{da9f1e02-aa94-40bf-b3cd-030231a10acc}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DAF32862-EF3D-4D61-AB92-47AEB51DDC80}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DD338333-7000-45CC-A84D-64680D6E683D}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DDF23EF5-6677-42C1-92CB-29BDCB7375B8}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DF7B19EF-DEA5-47D7-BBA5-9FCBE400A59D}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E00117F3-53BA-4E06-B9BF-B8E22A1469E6}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E07F215A-6022-40E0-A109-17078992E5F9}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E2394C16-F45A-496F-83CC-49E163281662}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{e2e7934b-dce5-43c4-9576-7fe4f75e7480}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E4B554C8-B067-4540-A478-0565BB1F76B9}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E6243488-3449-4D4D-98AA-FFC14E3FF0F8}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E79BCB1B-EEB7-4180-98FD-BD47F6DCFF79}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{e9950154-c418-419e-a90a-20c5287ae24b}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E9C71548-B580-43B2-ACDB-1BA924002754}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EBEC2956-F512-474D-8631-9E753CC40653}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ecdb0924-4208-451e-8ee0-373c0956de16}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ED0FF627-BFD1-4F68-9A74-974E73F41A3A}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ed834ed6-4b5a-4bfe-8f11-a626dcb6a921}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EE423D17-7ED8-4B33-9555-C23DEEAFB4B6}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EE439E7E-CE1E-4ABE-9EA8-50F12ED01FE0}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EF462183-352B-4DCF-811C-07FA7CFCD5AC}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EF8F379B-747B-4C8E-B3D1-4A29E6CF45AE}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EFACECBA-BCCD-468B-BAB3-7CA40A898982}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F025B6FD-D1CA-4a32-9BEB-DBEF1D2F6926}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F0E02D62-6C1D-4eb3-AC47-F8401425C6BC}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F120B10E-C882-4613-955F-B4DF13C6E803}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f2ddfc82-8f12-4cdd-b7dc-d4fe1425aa4d}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F2E71049-6F88-4A3B-9475-5A2B40B36092}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F3FD1F8E-B34A-49AE-95B9-5DBEAB5BFB49}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f56fbb39-e6d9-4b6d-9c29-ae82cff2925f}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f6b6e965-e9b2-444b-9286-10c9152edbc5}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f82df8f7-8b9f-442e-a48c-818ea735ff9b}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F96E2F30-2018-4F0E-BBEE-7CCBEE8CE714}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FADA4BFB-4853-4547-B70F-1B565E7D907B}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FD4FB8FA-F752-4E78-933B-8969E18BC9B5}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FE777427-D33C-485B-A414-3BD5A2943162}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FEBB9292-6110-4B9E-8565-91C4076E0A43}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FEFF8F5D-EB40-485d-AC2A-EB7942DDF624}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FFA33B6C-DC4D-438C-893F-EBF44A09BFC0}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\ControlPanel.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\CortanaSettings.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_0_FlashPlayerCPLApp.cpl.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{025A5937-A6BE-4686-A844-36FE4BEC8B6D}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{60632754-c523-4b62-b45c-4172da012619}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{6C8EEC18-8D75-41B2-A177-8831D59D2D50}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{7b81be6a-ce2b-4676-a29e-eb907a5126c5}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{96AE8D84-A250-4520-95A5-A47A7E3C548B}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{B98A2BEA-7D42-4558-8BD1-832F41BAC6FD}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{F942C606-0914-47AB-BE56-1321B8035096}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\SettingsPane_{4B719A8A-CE18-4033-BE59-1083B40F25B7}.settingcontent-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.ContactSupport_cw5n1h2txyewy\Windows.ContactSupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.ContactSupport_cw5n1h2txyewy\Windows.ContactSupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.ContactSupport_cw5n1h2txyewy\Windows.ContactSupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.ContactSupport_cw5n1h2txyewy\Windows.ContactSupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.10841.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.10841.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.10841.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.10841.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp_5.6.17000.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp_5.6.17000.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp_5.6.17000.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp_5.6.17000.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Microsoft.WindowsSoundRecorder_10.1506.15100.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Microsoft.WindowsSoundRecorder_10.1506.15100.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Microsoft.WindowsSoundRecorder_10.1506.15100.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Microsoft.WindowsSoundRecorder_10.1506.15100.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Microsoft.WindowsPhone_10.1506.20010.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Microsoft.WindowsPhone_10.1506.20010.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Microsoft.WindowsPhone_10.1506.20010.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Microsoft.WindowsPhone_10.1506.20010.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Microsoft.WindowsMaps_4.1505.50619.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Microsoft.WindowsMaps_4.1505.50619.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Microsoft.WindowsMaps_4.1505.50619.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Microsoft.WindowsMaps_4.1505.50619.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Microsoft.WindowsFeedback_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Microsoft.WindowsFeedback_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Microsoft.WindowsFeedback_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Microsoft.WindowsFeedback_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Microsoft.WindowsAlarms_10.1506.19010.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Microsoft.WindowsAlarms_10.1506.19010.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Microsoft.WindowsAlarms_10.1506.19010.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Microsoft.WindowsAlarms_10.1506.19010.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Microsoft.Windows.ParentalControls_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Microsoft.Windows.ParentalControls_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Microsoft.Windows.ParentalControls_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Microsoft.Windows.ParentalControls_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Microsoft.Windows.Cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Microsoft.Windows.Cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Microsoft.Windows.Cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApiGroup\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\EJEHAMU5.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\MSIMGSIZ.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\apps.18396.9007199266244209.fa7ca9c1-d3a4-4eac-8c88-d73453e5d352[1].png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\apps.28613.9007199266247640.e66db940-c7c0-4b3c-8b72-fc5046092266[1].png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\apps.40721.13510798885083716.d6e04241-8ff4-41b0-a3a3-43b1ced6a08f[1].png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\apps.48711.9007199266245096.7eed2a71-671f-4c26-9d68-6141c842f285[1].png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\apps.55454.9007199266251611.8dc5de70-2b9f-4603-9d21-3f915579a269[1].png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\zinc[1].htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\zinc[2].htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\0a5c1b58[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\2dd47e28[2].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\apps.18578.9007199266246289.6f80413a-747a-465c-b810-b44f77d3084f[1].png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\apps.4100.9007199266251606.ae3c4a65-bf6f-4459-94e4-f5be923c9a5f[1].png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\apps.46520.13510798887155710.5365405a-2cb4-48a2-a90e-8ae898fcabf1[1].jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\apps.58775.9007199266677760.2c69fa74-238e-4e64-af60-87ffbeed7326[1].png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\f18fc33f[1].css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\apps.40361.9007199266251851.16146db2-5f86-4fcc-852d-95bf0325db35[1].png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\e6e099c1[1].css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\threshold[2].appcache | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\th[1].jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\th[2].jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\apps.15191.9007199266251530.cc19d652-3ab6-4535-a2c7-c576698c252d[1].png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\apps.24307.9007199266288952.82b35dd7-0a28-4339-a027-0c1d7303f65b[1].png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\apps.4415.9007199266394310.e7a8b9d9-3bd7-4aed-98a9-eb467c12dfda[1].png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\e8bd5198[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\th[1].jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\zinc[1].htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\17bd1fca[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\1acd62c3[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\284df389[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\3775eb01[1].css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\3e533cad[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\4c68d3b2[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\74843a82[1].css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\85441a2e[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\916eb510[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\932ee198[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\a137b088[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\appcache[1].man | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\b99bbd2f[1].css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\c71b7416[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\ca2ffdc0[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\ce6a624f[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\e4709542[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\e48237f6[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\e994e448[1].css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\f544a93b[1].css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\15\Init[1].htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Microsoft.Windows.ContentDeliveryManager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Microsoft.Windows.ContentDeliveryManager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Microsoft.Windows.ContentDeliveryManager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Microsoft.Windows.ContentDeliveryManager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Tips\1e6d17e6-5b84-4acc-aaa5-b8802c667d4a_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Tips\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Tips\1e6d17e6-5b84-4acc-aaa5-b8802c667d4a_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Tips\7a0c8c7f-1fe2-4e97-ac34-3223b26f0318_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Tips\7a0c8c7f-1fe2-4e97-ac34-3223b26f0318_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Tips\e25db1fd-8c25-47cf-8c91-668b6d7de9f2_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Tips\e25db1fd-8c25-47cf-8c91-668b6d7de9f2_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\214513\eventbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\214513\imprbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210509\eventbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210509\imprbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210469\eventbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210469\imprbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209857\1500601998 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209857\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209857\eventbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209857\imprbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209809\eventbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209809\imprbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209776\eventbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209776\imprbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209562\eventbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209562\imprbeacons.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\001107b94f5293b397165f26d15a256e62b7d4a8a9228f3093ac37da2be5b24f | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2bed4133f7a5cd078ac3c621dfa8e6362121ce0928c026612a1f1ddf4f99a370 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2d8669052d2b7df8dd4b9607f2379c68aea752aafe0def6d5ce226264835a7ca | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a53c604f9aa7fa34010083e9e398486423e851c704b4d50043aaf2a8574d9b2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a65241e49133a96904d70724844acb053dc753d3ab27f93e89f8059cbccdb92 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\440989d816ce3a311a914b13a22ba992f95690849d761ffa5caab5959db0c921 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\7053f8c6068c46e40f1016f56c5a556103340ef5fe7752801b7744069ae0f861 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\8567d7efc6dd43319b076ebebb98cc2abd2520838a9ebd41597e4052b4bd2a22 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\86f03f60d39829e5fba5aa195da9eedb1ad88e99410bf7fa169d1558aaf35bdd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\91dd86d2e068177d1504451bc4f923d177183c305ba3a521ebe87a3ca889ed90 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\d6f3a2f0c0f5d4ad6cab70713323cac7710e91ff13667b2200b6b800881ac10f | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\f7df316937e894c20be9f8a6fc118847e60ea2dfe33cc1924f24346307e2b268 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.Windows.CloudExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.Windows.CloudExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.Windows.CloudExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.Windows.CloudExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Microsoft.Windows.AssignedAccessLockApp_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Microsoft.Windows.AssignedAccessLockApp_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Microsoft.Windows.AssignedAccessLockApp_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Microsoft.Windows.AssignedAccessLockApp_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Microsoft.People_1.10159.0.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Microsoft.People_1.10159.0.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Microsoft.People_1.10159.0.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Microsoft.People_1.10159.0.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.4218.23751.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.4218.23751.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.4218.23751.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.4218.23751.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.edb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{3D88D67F-6818-11E7-9BD3-C40142ECDE47}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{3D88D681-6818-11E7-9BD3-C40142ECDE47}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DownloadHistory\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DomainSuggestions\en-US.1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DomainSuggestions\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DNTException\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbres00001.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbres00002.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbtmp.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\P1T4DCFU\www.msn[1].xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\P1T4DCFU\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ETFMMWBM\www.bing[1].xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ETFMMWBM\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\1ab36a6a[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\1acd62c3[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\236a1503[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\36a8ead3[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\3727cd16[1].css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\41795194[1].css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\9101d3f2[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\appcache[1].man | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\d11fd6a0[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\f544a93b[1].css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\f682f456[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\fce27fce[1].js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\Init[1].htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\Y2EKXLK8\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IEFlipAheadCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatUaCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Microsoft.LockApp_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Microsoft.LockApp_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Microsoft.LockApp_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Microsoft.LockApp_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Microsoft.Getstarted_2.1.9.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Microsoft.Getstarted_2.1.9.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Microsoft.Getstarted_2.1.9.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Microsoft.Getstarted_2.1.9.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Microsoft.BioEnrollment_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Microsoft.BioEnrollment_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Microsoft.BioEnrollment_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Microsoft.BioEnrollment_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Microsoft.AccountsControl_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Microsoft.AccountsControl_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Microsoft.AccountsControl_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Microsoft.AccountsControl_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Microsoft.3DBuilder_10.0.0.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Microsoft.3DBuilder_10.0.0.0_x64__8wekyb3d8bbwe\ActivationStore\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Microsoft.3DBuilder_10.0.0.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Microsoft.3DBuilder_10.0.0.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\postSigningData | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\directoryLinks.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\frequencyCap.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\_CACHE_CLEAN_ | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\0e292d2be40784b709a96299f7f56c4c.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\28c9257769b2913b70283ca4759e2034.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\2bf8db03609478000e25532b94a93e81.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\5d432dc88d56856d87faecfa9b48853b.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\77ec32dc2bee35c0b759503a76ed5b66.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\b6dc1948244e7e4562c9356a0052d7af.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\e214427ea25af5774381fe2c2582382e.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\startupCache\startupCache.4.little | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\startupCache\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\base-track-digest256.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\base-track-digest256.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\goog-badbinurl-shavar.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\goog-badbinurl-shavar.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\goog-downloadwhite-digest256.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\goog-downloadwhite-digest256.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\goog-malware-shavar.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\goog-malware-shavar.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\goog-phish-shavar.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\goog-phish-shavar.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\goog-unwanted-shavar.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\goog-unwanted-shavar.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\mozplugin-block-digest256.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\mozplugin-block-digest256.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\mozstd-trackwhite-digest256.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\mozstd-trackwhite-digest256.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-block-simple.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-block-simple.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-flash-simple.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-flash-simple.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-flashallow-simple.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-flashallow-simple.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-flashsubdoc-simple.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-flashsubdoc-simple.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-malware-simple.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-malware-simple.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-phish-simple.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-phish-simple.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-track-simple.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-track-simple.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-trackwhite-simple.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-trackwhite-simple.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-unwanted-simple.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\test-unwanted-simple.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\testexcept-flash-simple.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\testexcept-flash-simple.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\testexcept-flashallow-simple.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\testexcept-flashallow-simple.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\testexcept-flashsubdoc-simple.pset | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\safebrowsing\testexcept-flashsubdoc-simple.sbstore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\OfflineCache\index.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\OfflineCache\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\4mkHR_p+Wn_2AEZoGYTTQQ==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\asRZLAIfRhwB7KZygffeFA==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\d+wy3CvuNcC3WVA6du1bZg==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\DiktK+QHhLcJqWKZ9_VsTA==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\dLcXOMhmEiiUNPBG1nL8Ew==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\GNtk5OH7OPlVUCH7Ue1nuw==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\iNtr8V5+A8pq96nV92I9rg==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\KMkld2mykTtwKDykdZ4gNA==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\KykeNQT8cz0GP+hqz5mIpw==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\kZbAJfgDibZzMvDTka320Q==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\K_jbA2CUeAAOJVMrlKk+gQ==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\mgDer72BXyCa3ilaVifttQ==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\obXqSkYxtPxKEzhnvwJwjg==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\ttwZSCROfkViyTVqAFLXrw==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache\XUMtyI1WhW2H+uz6m0iFOw==.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\index | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\index.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\00230E843D3A08B230E933E226DB601D643BC852 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\Read___ME.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\00396519A728CAF55BA5985F2822E3CD29D0B17E | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0070686314FCF810B3CEE062939E2805C4894837 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\01936D44B3D7F728EFEB4C28574EF44AB7260A17 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\01CC9F4D43A947CA6202BA62A7FFF28C6881C1BF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\01D69525274B61DE5FF860EF9BDF5BEDBB7E52C6 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\023DB71E21A04D5A6CE60A1EC2C15A40BE00DD08 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\02556929CF2E7913AF6E896368676F9BEC324DF4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\025E6C3190211A09D15D92E5656FB71220B7737E | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0396D4FE028249B03B952ECAC5BDC2698D7AC41D | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\04407A80544B9CDDB0BF74A9C5090D338DED55E6 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\04825B72BD3FF3B25000EE8B3660F3E1748CF56D | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\04DDA15772BB1EBE40F174D3D0AD961AB0D85881 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\04E42D40E9FF818034B152EBBD5D2648E474B06E | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\053023C6ABE9799C7CBA3D16BB67C1B7F7B0D8A0 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\062AD3657B516BAF21B6D366104D405078541BA6 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\073B56D883E94B03370493A96DF99C2B51FB3E9D | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0782E7F698BE212FDCB80D8DE2C97C611AE50DFF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\085CFB45496B3087ABCB8ABD8529B3EB41D17C27 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0A1144B8734850F5325AA6C259041EA8A201062C | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0A774848D5BE9E32A6789642784FD4DAFCD580F5 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0A9B36C9F5BCA2621C56BD4B714A9141238CF27D | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0ADCF0E2A022CEDF8D199ED2889DB295128C4E25 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0B55D23F82EE119DC0472267436CD5F2868E3B14 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0BCD5C644E4A81783F24DB39416D1CE0CA0C3015 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0CFEB549E537F8B2151A62BA069AE7A6D363BB90 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0D1B36E62742C7776D68B1240296D02DFD6478FF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0D83D658A0C069047F6B9FD30BFDEDD80863B5F0 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0E030AE41B2AB97664B455929A8A0721BA5D1F69 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\0E331C2EF53B5C952B79B038C00588087D45A128 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
|
For performance reasons, the remaining 4002 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce | value_name = BrowserUpdateCheck, data = 192 |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce | value_name = BrowserUpdateCheck, data = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe, size = 102, type = REG_SZ |
|
1 |
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\tmpAD23.tmp.bat | os_pid = 0xe40, creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | show_window = SW_HIDE |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Filename | - | process_name = c:\users\ciihmnxmn6ps\appdata\roaming\vworbzlbc.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe, size = 2048 |
|
2 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
1 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = temp, result_out = C:\Users\CIIHMN~1\AppData\Local\Temp |
|
1 | |
| Get Environment String | name = appdata, result_out = C:\Users\CIiHmnxMn6Ps\AppData\Roaming |
|
1 | |
| Get Environment String | name = public, result_out = C:\Users\Public |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 |
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\Windows\system32\cmd.exe /c C:\Users\CIIHMN~1\AppData\Local\Temp\tmpAD23.tmp.bat |
| Initial Working Directory | C:\Users\CIIHMN~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:03:03, Reason: Child Process |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:20 |
| Information | Value |
|---|---|
| PID | 0xe40 |
| Parent PID | 0xd94 (c:\users\ciihmnxmn6ps\appdata\roaming\vworbzlbc.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
E44
0x
E70
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000005e0000 | 0x005e0000 | 0x005fffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000005e0000 | 0x005e0000 | 0x005effff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000005f0000 | 0x005f0000 | 0x005f3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000600000 | 0x00600000 | 0x00601fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000600000 | 0x00600000 | 0x00603fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000610000 | 0x00610000 | 0x00623fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000630000 | 0x00630000 | 0x0066ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000670000 | 0x00670000 | 0x0076ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000770000 | 0x00770000 | 0x00773fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000780000 | 0x00780000 | 0x00780fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000790000 | 0x00790000 | 0x00791fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000007a0000 | 0x007a0000 | 0x007dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000007e0000 | 0x007e0000 | 0x007effff | Private Memory | Readable, Writable |
|
|
|
|
| cmd.exe.mui | 0x007f0000 | 0x00810fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000830000 | 0x00830000 | 0x0083ffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x00840000 | 0x008fdfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000009d0000 | 0x009d0000 | 0x00acffff | Private Memory | Readable, Writable |
|
|
|
|
| cmd.exe | 0x00ba0000 | 0x00beffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000bf0000 | 0x00bf0000 | 0x04beffff | Pagefile Backed Memory | - |
|
|
|
|
| private_0x0000000004bf0000 | 0x04bf0000 | 0x04ceffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004e70000 | 0x04e70000 | 0x04e7ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x04e80000 | 0x051b6fff | Memory Mapped File | Readable |
|
|
|
|
| cmdext.dll | 0x74040000 | 0x74047fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcryptprimitives.dll | 0x74050000 | 0x740a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x740b0000 | 0x740b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x740c0000 | 0x740ddfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x744a0000 | 0x7455dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x74560000 | 0x745a2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x746f0000 | 0x74865fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x749e0000 | 0x74a8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x762a0000 | 0x7638ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x76870000 | 0x76877fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x76880000 | 0x768cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x768d0000 | 0x76942fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76c50000 | 0x76ccafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77090000 | 0x77208fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007fc00000 | 0x7fc00000 | 0x7fcfffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007fd00000 | 0x7fd00000 | 0x7fd22fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007fd28000 | 0x7fd28000 | 0x7fd2afff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007fd2b000 | 0x7fd2b000 | 0x7fd2bfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007fd2c000 | 0x7fd2c000 | 0x7fd2cfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007fd2d000 | 0x7fd2d000 | 0x7fd2ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dff470fffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x00007dff47100000 | 0x7dff47100000 | 0x7fff470fffff | Pagefile Backed Memory | - |
|
|
|
|
| ntdll.dll | 0x7fff47100000 | 0x7fff472c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00007fff472c2000 | 0x7fff472c2000 | 0x7ffffffeffff | Private Memory | Readable |
|
|
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\tmpAD23.tmp.bat | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\tmpAD23.tmp.bat | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
3 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\tmpAD23.tmp.bat | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\tmpAD23.tmp.bat | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
2 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local\Temp | type = file_attributes |
|
2 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | - | type = file_type |
|
3 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\documents | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
1 | |
| Get Info | Default.rdp | type = file_attributes |
|
2 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
21 | |
| Open | STD_INPUT_HANDLE | - |
|
11 | |
| Open | - | - |
|
8 | |
| Open | - | - |
|
12 | |
| Open | - | - |
|
8 | |
| Open | - | - |
|
6 | |
| Open | STD_ERROR_HANDLE | - |
|
6 | |
| Read | - | size = 8191, size_out = 445 |
|
1 | |
| Read | - | size = 8191, size_out = 434 |
|
1 | |
| Read | - | size = 8191, size_out = 393 |
|
1 | |
| Read | - | size = 8191, size_out = 304 |
|
1 | |
| Read | - | size = 8191, size_out = 219 |
|
1 | |
| Read | - | size = 8191, size_out = 140 |
|
1 | |
| Read | - | size = 8191, size_out = 111 |
|
1 | |
| Read | - | size = 8191, size_out = 85 |
|
1 | |
| Read | - | size = 8191, size_out = 67 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 60 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 33 |
|
1 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 208, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\vssadmin.exe | os_pid = 0xe74, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\system32\reg.exe | os_pid = 0xe8c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\system32\reg.exe | os_pid = 0xe98, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\system32\reg.exe | os_pid = 0xea4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\system32\attrib.exe | os_pid = 0xeb0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xba0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x762a0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x762e2780 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x762bfa80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x762ba790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x748035c0 |
|
1 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
20 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
11 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
12 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = userprofile, result_out = C:\Users\CIiHmnxMn6Ps |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIIHMN~1\AppData\Local\Temp |
|
1 | |
| Set Environment String | name = COPYCMD |
|
5 | |
| Set Environment String | name = =ExitCode, value = 00000002 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
5 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
2 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
2 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Documents |
|
1 |
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /c del C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe > nul |
| Initial Working Directory | C:\Users\CIIHMN~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:03:04, Reason: Child Process |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:19 |
| Information | Value |
|---|---|
| PID | 0xe68 |
| Parent PID | 0xd94 (c:\users\ciihmnxmn6ps\appdata\roaming\vworbzlbc.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
E6C
0x
ED4
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| cmd.exe | 0x00ba0000 | 0x00beffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000d70000 | 0x00d70000 | 0x04d6ffff | Pagefile Backed Memory | - |
|
|
|
|
| private_0x0000000004d70000 | 0x04d70000 | 0x04d8ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004d70000 | 0x04d70000 | 0x04d7ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004d80000 | 0x04d80000 | 0x04d83fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004d90000 | 0x04d90000 | 0x04d91fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004d90000 | 0x04d90000 | 0x04d93fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004da0000 | 0x04da0000 | 0x04db3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000004dc0000 | 0x04dc0000 | 0x04dfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004e00000 | 0x04e00000 | 0x04efffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004f00000 | 0x04f00000 | 0x04f03fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000004f10000 | 0x04f10000 | 0x04f10fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000004f20000 | 0x04f20000 | 0x04f21fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x04f30000 | 0x04fedfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000004ff0000 | 0x04ff0000 | 0x04ffffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005020000 | 0x05020000 | 0x0511ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005120000 | 0x05120000 | 0x0515ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005160000 | 0x05160000 | 0x0525ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000052a0000 | 0x052a0000 | 0x052affff | Private Memory | Readable, Writable |
|
|
|
|
| msvcrt.dll | 0x744a0000 | 0x7455dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x746f0000 | 0x74865fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x762a0000 | 0x7638ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x76870000 | 0x76877fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x76880000 | 0x768cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x768d0000 | 0x76942fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77090000 | 0x77208fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007e740000 | 0x7e740000 | 0x7e83ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007e840000 | 0x7e840000 | 0x7e862fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007e865000 | 0x7e865000 | 0x7e865fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007e867000 | 0x7e867000 | 0x7e869fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007e86a000 | 0x7e86a000 | 0x7e86afff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007e86d000 | 0x7e86d000 | 0x7e86ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dff470fffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x00007dff47100000 | 0x7dff47100000 | 0x7fff470fffff | Pagefile Backed Memory | - |
|
|
|
|
| ntdll.dll | 0x7fff47100000 | 0x7fff472c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00007fff472c2000 | 0x7fff472c2000 | 0x7ffffffeffff | Private Memory | Readable |
|
|
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | nul | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\CIIHMN~1\AppData\Local\Temp | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vwOrbzLbc.exe | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 240, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xba0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x762a0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x762e2780 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x762bfa80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x762ba790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x748035c0 |
|
1 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIIHMN~1\AppData\Local\Temp |
|
1 |
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\syswow64\vssadmin.exe |
| Command Line | vssadmin.exe Delete Shadows /All /Quiet |
| Initial Working Directory | C:\Users\CIIHMN~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:03:04, Reason: Child Process |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:19 |
| Remarks | No high level activity detected in monitored regions |
| Information | Value |
|---|---|
| PID | 0xe74 |
| Parent PID | 0xe40 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
E78
0x
E7C
0x
E80
0x
E84
0x
E88
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| vssadmin.exe | 0x00c20000 | 0x00c3dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000f00000 | 0x00f00000 | 0x04efffff | Pagefile Backed Memory | - |
|
|
|
|
| private_0x0000000004f00000 | 0x04f00000 | 0x04f1ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004f00000 | 0x04f00000 | 0x04f0ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004f10000 | 0x04f10000 | 0x04f13fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004f20000 | 0x04f20000 | 0x04f21fff | Private Memory | Readable, Writable |
|
|
|
|
| vssadmin.exe.mui | 0x04f20000 | 0x04f2cfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000004f30000 | 0x04f30000 | 0x04f43fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000004f50000 | 0x04f50000 | 0x04f8ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004f90000 | 0x04f90000 | 0x04fcffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004fd0000 | 0x04fd0000 | 0x04fd3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000004fe0000 | 0x04fe0000 | 0x04fe0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000004ff0000 | 0x04ff0000 | 0x04ff1fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005000000 | 0x05000000 | 0x05000fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005010000 | 0x05010000 | 0x05010fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005020000 | 0x05020000 | 0x0502ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005030000 | 0x05030000 | 0x0506ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005070000 | 0x05070000 | 0x05073fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000005080000 | 0x05080000 | 0x05080fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000005090000 | 0x05090000 | 0x05090fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000050a0000 | 0x050a0000 | 0x0519ffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x051a0000 | 0x0525dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000005260000 | 0x05260000 | 0x0529ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000053e0000 | 0x053e0000 | 0x053effff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000053f0000 | 0x053f0000 | 0x05577fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000005580000 | 0x05580000 | 0x05700fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000005710000 | 0x05710000 | 0x06b0ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| rsaenh.dll | 0x73e70000 | 0x73e9efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcrypt.dll | 0x73ea0000 | 0x73ebafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x73ec0000 | 0x73ed2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| vssapi.dll | 0x73ee0000 | 0x73ffafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| vsstrace.dll | 0x74000000 | 0x74010fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| atl.dll | 0x74020000 | 0x74037fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcryptprimitives.dll | 0x74050000 | 0x740a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x740b0000 | 0x740b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x740c0000 | 0x740ddfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x74150000 | 0x741e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x74410000 | 0x74491fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x744a0000 | 0x7455dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x74560000 | 0x745a2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x745b0000 | 0x746cffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel.appcore.dll | 0x746e0000 | 0x746ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x746f0000 | 0x74865fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x749e0000 | 0x74a8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x75fd0000 | 0x75fd6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| combase.dll | 0x76040000 | 0x761f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x762a0000 | 0x7638ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x76870000 | 0x76877fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x76880000 | 0x768cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x768d0000 | 0x76942fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76960000 | 0x76a9ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76aa0000 | 0x76acafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76c00000 | 0x76c43fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76c50000 | 0x76ccafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x76e80000 | 0x76edbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76f40000 | 0x7708cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77090000 | 0x77208fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007e010000 | 0x7e010000 | 0x7e10ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007e110000 | 0x7e110000 | 0x7e132fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007e138000 | 0x7e138000 | 0x7e13afff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007e13b000 | 0x7e13b000 | 0x7e13dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007e13e000 | 0x7e13e000 | 0x7e13efff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007e13f000 | 0x7e13f000 | 0x7e13ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dff470fffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x00007dff47100000 | 0x7dff47100000 | 0x7fff470fffff | Pagefile Backed Memory | - |
|
|
|
|
| ntdll.dll | 0x7fff47100000 | 0x7fff472c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00007fff472c2000 | 0x7fff472c2000 | 0x7ffffffeffff | Private Memory | Readable |
|
|
|
|
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\syswow64\reg.exe |
| Command Line | reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f |
| Initial Working Directory | C:\Users\CIIHMN~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:03:04, Reason: Child Process |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:19 |
| Information | Value |
|---|---|
| PID | 0xe8c |
| Parent PID | 0xe40 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
E90
0x
E94
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000005e0000 | 0x005e0000 | 0x005fffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000005e0000 | 0x005e0000 | 0x005effff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000005f0000 | 0x005f0000 | 0x005f3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000600000 | 0x00600000 | 0x00601fff | Private Memory | Readable, Writable |
|
|
|
|
| reg.exe.mui | 0x00600000 | 0x00609fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000610000 | 0x00610000 | 0x00623fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000630000 | 0x00630000 | 0x0066ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000670000 | 0x00670000 | 0x006affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000006b0000 | 0x006b0000 | 0x006b3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000006d0000 | 0x006d0000 | 0x006d1fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x006e0000 | 0x0079dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000007a0000 | 0x007a0000 | 0x007dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000007e0000 | 0x007e0000 | 0x007effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000007f0000 | 0x007f0000 | 0x0082ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000008f0000 | 0x008f0000 | 0x008fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000940000 | 0x00940000 | 0x00a3ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x00a40000 | 0x00d76fff | Memory Mapped File | Readable |
|
|
|
|
| reg.exe | 0x00e30000 | 0x00e82fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000e90000 | 0x00e90000 | 0x04e8ffff | Pagefile Backed Memory | - |
|
|
|
|
| bcryptprimitives.dll | 0x74050000 | 0x740a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x740b0000 | 0x740b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x740c0000 | 0x740ddfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x744a0000 | 0x7455dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x74560000 | 0x745a2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x746f0000 | 0x74865fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x749e0000 | 0x74a8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x75fd0000 | 0x75fd6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x762a0000 | 0x7638ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x76870000 | 0x76877fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x76880000 | 0x768cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x768d0000 | 0x76942fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76c50000 | 0x76ccafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x76e80000 | 0x76edbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77090000 | 0x77208fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007e190000 | 0x7e190000 | 0x7e28ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007e290000 | 0x7e290000 | 0x7e2b2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007e2b4000 | 0x7e2b4000 | 0x7e2b4fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007e2b7000 | 0x7e2b7000 | 0x7e2b7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007e2ba000 | 0x7e2ba000 | 0x7e2bcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007e2bd000 | 0x7e2bd000 | 0x7e2bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dff470fffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x00007dff47100000 | 0x7dff47100000 | 0x7fff470fffff | Pagefile Backed Memory | - |
|
|
|
|
| ntdll.dll | 0x7fff47100000 | 0x7fff472c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00007fff472c2000 | 0x7fff472c2000 | 0x7ffffffeffff | Private Memory | Readable |
|
|
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_ERROR_HANDLE | - |
|
6 | |
| Write | STD_ERROR_HANDLE | size = 7 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 67 |
|
1 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default | - |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\reg.exe | base_address = 0xe30000 |
|
1 |
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\windows\syswow64\reg.exe |
| Command Line | reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f |
| Initial Working Directory | C:\Users\CIIHMN~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:03:04, Reason: Child Process |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:19 |
| Information | Value |
|---|---|
| PID | 0xe98 |
| Parent PID | 0xe40 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
E9C
0x
EA0
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000980000 | 0x00980000 | 0x0099ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000980000 | 0x00980000 | 0x0098ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000990000 | 0x00990000 | 0x00993fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000009a0000 | 0x009a0000 | 0x009a1fff | Private Memory | Readable, Writable |
|
|
|
|
| reg.exe.mui | 0x009a0000 | 0x009a9fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000009b0000 | 0x009b0000 | 0x009c3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000009d0000 | 0x009d0000 | 0x00a0ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000a10000 | 0x00a10000 | 0x00a4ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000a50000 | 0x00a50000 | 0x00a53fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000a70000 | 0x00a70000 | 0x00a71fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x00a80000 | 0x00b3dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000b40000 | 0x00b40000 | 0x00b7ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000b80000 | 0x00b80000 | 0x00bbffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bcffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000c20000 | 0x00c20000 | 0x00c2ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000c40000 | 0x00c40000 | 0x00d3ffff | Private Memory | Readable, Writable |
|
|
|
|
| reg.exe | 0x00e30000 | 0x00e82fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000e90000 | 0x00e90000 | 0x04e8ffff | Pagefile Backed Memory | - |
|
|
|
|
| sortdefault.nls | 0x04e90000 | 0x051c6fff | Memory Mapped File | Readable |
|
|
|
|
| bcryptprimitives.dll | 0x74050000 | 0x740a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x740b0000 | 0x740b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x740c0000 | 0x740ddfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x744a0000 | 0x7455dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x74560000 | 0x745a2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x746f0000 | 0x74865fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x749e0000 | 0x74a8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x75fd0000 | 0x75fd6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x762a0000 | 0x7638ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x76870000 | 0x76877fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x76880000 | 0x768cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x768d0000 | 0x76942fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76c50000 | 0x76ccafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x76e80000 | 0x76edbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77090000 | 0x77208fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007e470000 | 0x7e470000 | 0x7e56ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007e570000 | 0x7e570000 | 0x7e592fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007e593000 | 0x7e593000 | 0x7e593fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007e596000 | 0x7e596000 | 0x7e596fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007e59a000 | 0x7e59a000 | 0x7e59cfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007e59d000 | 0x7e59d000 | 0x7e59ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dff470fffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x00007dff47100000 | 0x7dff47100000 | 0x7fff470fffff | Pagefile Backed Memory | - |
|
|
|
|
| ntdll.dll | 0x7fff47100000 | 0x7fff472c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00007fff472c2000 | 0x7fff472c2000 | 0x7ffffffeffff | Private Memory | Readable |
|
|
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_ERROR_HANDLE | - |
|
6 | |
| Write | STD_ERROR_HANDLE | size = 7 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 67 |
|
1 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers | - |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\reg.exe | base_address = 0xe30000 |
|
1 |
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\windows\syswow64\reg.exe |
| Command Line | reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" |
| Initial Working Directory | C:\Users\CIIHMN~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:03:04, Reason: Child Process |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:19 |
| Information | Value |
|---|---|
| PID | 0xea4 |
| Parent PID | 0xe40 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
EA8
0x
EAC
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000550000 | 0x00550000 | 0x0056ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000550000 | 0x00550000 | 0x0055ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000560000 | 0x00560000 | 0x00563fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000570000 | 0x00570000 | 0x00571fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000580000 | 0x00580000 | 0x00593fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000005a0000 | 0x005a0000 | 0x005dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000005e0000 | 0x005e0000 | 0x0061ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000620000 | 0x00620000 | 0x00623fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000630000 | 0x00630000 | 0x00630fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000640000 | 0x00640000 | 0x00641fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000680000 | 0x00680000 | 0x0068ffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x00690000 | 0x0074dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000750000 | 0x00750000 | 0x0078ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000790000 | 0x00790000 | 0x007cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000820000 | 0x00820000 | 0x0091ffff | Private Memory | Readable, Writable |
|
|
|
|
| kernelbase.dll.mui | 0x00920000 | 0x009fefff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000a80000 | 0x00a80000 | 0x00a8ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x00a90000 | 0x00dc6fff | Memory Mapped File | Readable |
|
|
|
|
| reg.exe | 0x00e30000 | 0x00e82fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000e90000 | 0x00e90000 | 0x04e8ffff | Pagefile Backed Memory | - |
|
|
|
|
| bcryptprimitives.dll | 0x74050000 | 0x740a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x740b0000 | 0x740b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x740c0000 | 0x740ddfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x744a0000 | 0x7455dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x74560000 | 0x745a2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x746f0000 | 0x74865fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x749e0000 | 0x74a8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x75fd0000 | 0x75fd6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x762a0000 | 0x7638ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x76870000 | 0x76877fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x76880000 | 0x768cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x768d0000 | 0x76942fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76c50000 | 0x76ccafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x76e80000 | 0x76edbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77090000 | 0x77208fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007ede0000 | 0x7ede0000 | 0x7eedffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007eee0000 | 0x7eee0000 | 0x7ef02fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ef08000 | 0x7ef08000 | 0x7ef0afff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef0b000 | 0x7ef0b000 | 0x7ef0dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef0e000 | 0x7ef0e000 | 0x7ef0efff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef0f000 | 0x7ef0f000 | 0x7ef0ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dff470fffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x00007dff47100000 | 0x7dff47100000 | 0x7fff470fffff | Pagefile Backed Memory | - |
|
|
|
|
| ntdll.dll | 0x7fff47100000 | 0x7fff472c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00007fff472c2000 | 0x7fff472c2000 | 0x7ffffffeffff | Private Memory | Readable |
|
|
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 39 |
|
1 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers | - |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers | size = 2, type = REG_SZ |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\reg.exe | base_address = 0xe30000 |
|
1 |
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\windows\syswow64\attrib.exe |
| Command Line | attrib Default.rdp -s -h |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Documents\ |
| Monitor | Start Time: 00:03:04, Reason: Child Process |
| Unmonitor | End Time: 00:05:23, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:19 |
| Remarks | No high level activity detected in monitored regions |
| Information | Value |
|---|---|
| PID | 0xeb0 |
| Parent PID | 0xe40 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
EB4
0x
EB8
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000610000 | 0x00610000 | 0x0062ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000610000 | 0x00610000 | 0x0061ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000620000 | 0x00620000 | 0x00623fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000630000 | 0x00630000 | 0x00631fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000630000 | 0x00630000 | 0x00633fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000640000 | 0x00640000 | 0x00653fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000660000 | 0x00660000 | 0x0069ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000006a0000 | 0x006a0000 | 0x006dffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000006e0000 | 0x006e0000 | 0x006e3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000700000 | 0x00700000 | 0x00701fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000710000 | 0x00710000 | 0x0074ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000780000 | 0x00780000 | 0x0078ffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x00790000 | 0x0084dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000850000 | 0x00850000 | 0x0094ffff | Private Memory | Readable, Writable |
|
|
|
|
| attrib.exe | 0x00970000 | 0x00978fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000980000 | 0x00980000 | 0x0497ffff | Pagefile Backed Memory | - |
|
|
|
|
| private_0x0000000004980000 | 0x04980000 | 0x049bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004a90000 | 0x04a90000 | 0x04a9ffff | Private Memory | Readable, Writable |
|
|
|
|
| fsutilext.dll | 0x74000000 | 0x74009fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ulib.dll | 0x74010000 | 0x74036fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x744a0000 | 0x7455dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x746f0000 | 0x74865fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x762a0000 | 0x7638ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x76870000 | 0x76877fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x76880000 | 0x768cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x768d0000 | 0x76942fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77090000 | 0x77208fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007ebc0000 | 0x7ebc0000 | 0x7ecbffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ecc0000 | 0x7ecc0000 | 0x7ece2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ece6000 | 0x7ece6000 | 0x7ece6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ece8000 | 0x7ece8000 | 0x7ece8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ecea000 | 0x7ecea000 | 0x7ececfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007eced000 | 0x7eced000 | 0x7eceffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dff470fffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x00007dff47100000 | 0x7dff47100000 | 0x7fff470fffff | Pagefile Backed Memory | - |
|
|
|
|
| ntdll.dll | 0x7fff47100000 | 0x7fff472c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00007fff472c2000 | 0x7fff472c2000 | 0x7ffffffeffff | Private Memory | Readable |
|
|
|
|
